A recent data breach involving 98,000 customers of an Army and Air Force Exchange Service concessionaire in Germany was discovered only after an "unidentified individual" emailed all the breached data to AAFES headquarters, officials said.
The 98,000 affected individuals are current and previous customers of SIGA Telecom, which sells cellphones and telecommunication services at concession stores at 16 AAFES locations on installations in Germany. About 27,500 are current customers, said AAFES spokesman Chris Ward. The email with the data was received Feb. 11.
No financial information, Social Security numbers or ID card numbers were released, SIGA Telecom CEO Ayhan Sentuerk said in an email response from Germany to inquiries from Military Times.
The data in question are a limited part of the company's database, Sentuerk said. An investigation is ongoing, and SIGA is "working very closely with all responsible authorities," he added.
The company "has informed or notified all possibly affected customers," Sentuerk said, and the notification was conducted within German privacy laws.
The compromised data include names, Community Mail Room addresses, emails, cellphone numbers and SIM card details. The addresses were CMR addresses, Sentuerk said, because the company's customers generally do not provide their physical addresses for contract registration.
"The information remains internal and to date, there is no evidence of fraudulent use of the information," Sentuerk said.
Of the 98,000 accounts, 27,500 are still active, said AAFES' Ward. The remaining 70,500 had been deactivated, possibly because of a customer relocation, or because the accounts involved a prepaid service, which is often a one-time purchase, he said.
"The internal security vulnerability was eliminated promptly after discovery," Sentuerk said. "We take the responsibility of protecting our customers' data very seriously. In coordination with [AAFES] we have ensured that all necessary steps were taken to successfully secure all customer information."
Ward said the AAFES general counsel, information technology officials and others met with SIGA officials about the breach, and are taking steps to avoid similar problems in the future.
SIGA officials ask their customers to remain vigilant and monitor their email for any suspicious activity. They note that they don't ask for any information by email.
Concerned customers can call SIGA's hotline at 07131 2038395, from 9 a.m. to 6 p.m. Monday through Friday in Germany, or email SIGA at customercare@siga24.de.
Karen has covered military families, quality of life and consumer issues for Military Times for more than 30 years, and is co-author of a chapter on media coverage of military families in the book "A Battle Plan for Supporting Military Families." She previously worked for newspapers in Guam, Norfolk, Jacksonville, Fla., and Athens, Ga.
