TRICARE beneficiaries' data stolen

NORFOLK, Va. (WAVY.COM) - Nearly five million TRICARE beneficiaries had their personal information stolen, according to government contractor Science Applications International Corporation .

According to TRICARE's website , "TRICARE is the health care program serving active duty service members, National Guard and Reserve members, retirees, families and survivors worldwide."

The theft happened in September. A back up tape containing social security numbers, addresses, phone numbers and personal health data was taken from a car.

"That was two months ago, so it's kind of weird that we didn't get any notification sooner," Navy wife Tina Veach exclaimed.

SAIC says it immediately notified authorities and put a notice on TRICARE's website, but only recently began writing to affected clients.

"I don't necessarily want my health information in the wrong hands, especially if they have my prescriptions and the procedures I've have done," Veach said.

Veach wasn't going to fill out a form to receive a year's worth of free credit monitoring, until she saw WAVY News 10's Facebook page.

Veach explained, "I was like okay, so maybe it's not a scam."

TRICARE and SAIC said filling out the form and sending it in via snail mail or online is the best way to protect yourself.  Anyone who was affected received the form in the mail.

Tina and her husband opted to enter their personal information, including social security number, online.

"We went to the website to put in our information, just so we wouldn't have to worry about this getting to the right people," Veach added.

SAIC says the personal security risk is low, because whoever has the information would have to have an in-depth understanding of data interpretation.

Tina said she would have appreciated hearing from TRICARE, as well. A TRICARE spokesperson said TRICARE did not feel it was necessary to double up on the notification.    

10 On Your Side did some digging. This isn't the first time the government contractor SAIC has had a potential data breach. In 2007, the company announced it may have compromised personal information because it did not encrypt data transmitted online.