Defense Information Systems Agency (DISA) Credit Protection Services

General Information

Below you will find frequently asked questions about the data breach that occurred on a system hosted by the Defense Information Systems Agency (DISA) in the summer of 2019.

To address other questions specifically about the breach, please email DISA at disa.privacy.office@mail.mil.

To address questions about identity protection services and credit monitoring, please contact IdentityForce’s member services team at 1-877-807-6585.

Frequently Asked Questions

1. Why did I receive a letter?
   In the summer of 2019, a data breach occurred on a system hosted by the Defense Information Systems Agency (DISA), in which some individuals’ Personally Identifiable Information (PII) was stored. The people potentially impacted by the incident have had an affiliation with the Department of Defense at some point in time. There is no evidence to suggest that this information was actually accessed or misused. In an abundance of caution, the agency began notifying individuals whose PII resided in the system in question and which could have been compromised.
2. How can I find out more information?
   For more information about the breach, please email specific questions to disa.privacy.office@mail.mil and we will send you a response. For questions pertaining about identity protection services and credit monitoring, please contact IdentityForce’s member services team at 1-877-807-6585.
3. What kind of personal information was potentially compromised?
   The information that was stored on the system that was breached was Personally Identifiable Information (PII), including social security numbers. There is no evidence to suggest that this information was actually accessed or misused. In an abundance of caution, the agency has begun notifying individuals whose PII resided in the system in question and which could have been compromised.
4. Why did it take so long for the notification to occur?
   Since the potential compromise was discovered, DISA has been actively working through extensive forensic analysis to determine what information might have been exposed, who was potentially impacted, and how to contact the individuals who may be affected.
5. I received a different letter or phone call from someone claiming to be from the DISA or the Department of Defense (DoD). Is this related to the data breach?
   If you have concerns about specific correspondence you received that purports to be from DISA or DoD, please email your questions to disa.privacy.office@mail.mil and we will send you a response.
6. What’s been done to secure the system and prevent future breaches?
   Securing and defending Department of Defense networks is a top priority for leadership across the DoD. DISA took the necessary measures to address the vulnerabilities of the system that was breached and will continue to take strong measures to protect DoD networks.
7. Who else in my family may have been impacted by the incident?
   If your family member has questions, please have him or her email the questions to disa.privacy.office@mail.mil and we will send him or her a response.
8. The letter was addressed using my former name. I would like for all correspondence to reflect my correct name.
   In some instances, contact information (name and address) for impacted individuals was not current. To update your name or address information for correspondence related to the breach please contact IdentityForce member services at 1-877-807-6585.
9. How long are you providing credit monitoring services?
   We are offering one year of credit monitoring services.