TAMPA, Fla. -- Identity theft claimed the pay in September for four military personnel at Fort Bragg, N.C., one of America's largest Army bases. Someone rerouted the soldiers' monthly electronic deposits onto prepaid debit cards.
Was it an isolated breach or the start of a larger problem for the military? The answer matters: Only about 1 percent of the 6.6 million people on the defense payroll get paper checks, meaning millions are at risk of such electronic fraud.
The Department of Defense is investigating the Fort Bragg pay losses and has not yet determined whether the victims or the government is liable. For now, victims haven't been repaid.
"It's frustrating, I'll say that," said Army Capt. Stephen Redmon, a 29-year-old artillery officer who lost $3,290.
Redmon's pay was due to be deposited in a USAA Bank account on Sept. 14.
On Sept. 10, he checked his leave and earnings statement on myPay, a website for the military's payroll agency, Defense Finance and Accounting Service.
That's when he noticed the bank change. Instead of going to USAA, his deposit was headed to Bancorp Bank, a large issuer of prepaid debit cards, including the Akimbo Visa, upon which Redmon's $3,290 was about to be captured, then withdrawn.
Julie Redmon, his wife, said the government tried to recall the funds but did not succeed.
Even with a few days' warning, the Redmons could not head off a thief. An investigator told them someone had signed on to the soldier's myPay account using his own login and password.
Roxanne Addis Olson, spokeswoman for the defense payroll agency, confirmed that three other Fort Bragg soldiers reported their pay was diverted.
In some cases, myPay logins were compromised, she said. Customers had accessed myPay at computers infected with key-logging or other malware set to capture private information.
Retired Air Force Col. Gary McAlum, now chief of security for USAA, wasn't surprised to learn that military pay had been hacked, a practice the banking industry calls "account takeover."
USAA provides insurance, banking, investment and retirement services for 9.3 million military members and families.
He said it seemed likely that victims had been hit by key-logging malware. And he mentioned scams in which cyber criminals send emails that appear to be from financial institutions, seeking personal information.
Capt. Redmon said the lost pay has consumed his life. It happened amid a move to Fort Sill, Okla. He and his family have been existing on short-term military loans.
(Reach Tampa Bay Times reporter Patty Ryan at pryantampabay.com.)
INTERNET SAFETY TIPS
From USAA security chief Gary McAlum:
-- Don't answer email requests for personal information, no matter how real they look. Even clicking on links within them can let malware into your computer.
-- Set your antivirus program to update automatically. At least once a week, disconnect from the Internet and run a deep scan. Be sure to update other programs, such as Web browsers.
-- Don't reuse passwords for multiple applications. If you have too many, store them in a digital vault -- protected by a unique password.
From Defense Finance and Accounting Service:
-- Don't use public computers to access your private and financial information. If you must use a public Wi-Fi network, make sure it belongs to the business or library where you're located.
-- Use the virtual keyboard and position yourself where others cannot see you type or read your screen.
-- If you have a military common access or identification verification card, use the SmartCard login feature.
(Distributed by Scripps Howard News Service www.shns.com)