Courtesy of Ora DeMorrow

As the wife of a retired military officer, I enjoy the benefits of terrific medical care, strong banking institutions, and much more. With that care, you would think that you’d also have the benefit of feeling sure that your identity is also secure.

Not so. In fact, hackers, terrorists, and thieves all love to target federal institutions. It could be spite, it could be a game, it could be a national threat. No matter. Just because we use TriCare, USAA, and the VA does not mean we are protected from identity theft. Not by a long shot.

Last week, I logged onto the TriWest Web site to check the status of a claim. Up pops a long notice on a breach that had just occurred. Considering the extent of the theft, I’m left exposed. Here’s the bulk of the text from the site. Read it carefully:

A potential compromise of Protected Health Information (PHI) and/or Personally Identifiable Information (PII) belonging to approximately 4,500 TRICARE beneficiaries was recently discovered. The potential compromise occurred because a fax containing an authorization or referral letter was mistakenly faxed to the incorrect number. The majority of the misdirected faxes were sent to healthcare entities governed by privacy laws. Additionally, the fax coversheet used to transmit the authorization and referral letter contained instructions for the disposal of the faxed information in the event that it was sent to an incorrect location; therefore, we believe that the probability is very low that the information would be used for an improper purpose. Those who may have been potentially affected by this compromise will receive a notification letter; however, this notice serves as a general announcement.

The compromised information may include first and last name, sponsor Social Security Number, date of birth, and provider information to include procedures and diagnosis. . . .

Of course, the notice minimizes the possibility of the breach affecting me, but how do I really know?

Four years ago, when the general awareness of identity theft was less widespread, the VA notified the public of a massive incursion in which a database containing sensitive information had been stolen after an employee violated policy and brought the data home. The database contained the names, Social Security numbers, and dates of birth of as many as 26.5 million veterans and their families.

The VA spent many marketing dollars to assure the public that this and all other security risks were being rectified and no other breaches would occur—guaranteed. Then, in May 2010, two more breaches were uncovered. One involved a contractor's laptop that was stolen on April 22 and contained unencrypted personal information on 616 veterans. The second occurred in May and involved "thousands" of veterans' personal information at a VA facility, according to the congressional source familiar with the breach, who spoke on condition of anonymity. Both incidents occurred in Texas.

"These breaches clearly indicate the VA lacks focus on its primary responsibility of protecting veterans' personal information," Representative Steve Buyer (R-Indiana) said in his letter to the VA. "It also shows that senior managers have neglected their responsibilities, that there is no clear definition of responsibilities; nor a delineation of responsibilities.”

This problem has become such a dominant issue that new national identity protection laws—the 2010 Data Security Act, the Data Breach Notification Act, and the Personal Data Privacy and Security Act—are finally working their way through the Senate and appear to have some bipartisan support. These proposals offer a wide-ranging response to the growing problem of identity theft. The idea of the bills is to establish national standards for cases of data breaches—an issue that is now handled by varied and conflicting state laws.

So what does this mean for us? Even with these new laws, we are on our own as individuals. Don’t assume you are safe and protected just because you are using government institutions to house your money, receive financial assistance, and get medical care. These entities are simply an amalgamation of many regular folks, and these folks are not able to eliminate our risk of identity theft.

Always assume that you are exposed. Be proactive: get a service that provides identity theft protection and/or restoration for you and your family. It’s not foolproof, but it does lower your risk somewhat; and most importantly, it gives you some peace of mind.