Vanguard records compromised

[cferron]

Just another reason to love doing business with Vanguard...

I placed a small order online on Saturday.  Yesterday I got an e-mail from someone purporting to be with Vanguard showing the order number and my complete credit card number and asking for more information to protect me from "fraudulent transactions." 

They wanted the frontside and backside of the credit card; a photo ID card such as driver's license or passport number and a recent bank statement or utility bill.  It was from order@vanguardmil.net and signed by Steven K in the order processing department.

Since this just screamed "phishing" I didn't reply and called and talked to Eva in the East Coast Vanguardfacility this morning.  She confirmed there had been "an incident" and told me not to reply to the e-mail.

I'm contacting my cardholder to put a watch on the account, but be sure to look out for this one.  So much for secured transactions...I wonder where the breach was and how many records have been compromised?

[Tubacap]

Anyone know who to contact at NHQ to notify them that this happened?

[desertengineer1]

Great.  Just what we all need.  

Getting a little tired of new credit cards due to mismanaged databases.

[NC Hokie]

It would appear that Vanguard's online order processing system has been compromised.

I placed an order with Vanguard over the weekend and almost immediately received an e-mail requesting verification of my payment info.  The message was suspicious, so I called Vanguard this morning to ask about it.  They confirmed that the message I received was a scam and suggested that I closely track my credit card account for fradulent activity over the next few weeks.

The e-mail included my order number and asked that I send a copy of my credit card and ID to verify my identity.  The fact that I didn't do so SHOULD keep me safe, but the scammer WAS able to get my order number and e-mail address, so there's no telling what else he might have.  I'm also a bit concerned by the fact that the receptionist who answered my call immediately asked if I was a Civil Air Patrol member when I mentioned that I was calling with a question about my order.

In any case, I'd suggest that anyone ordering from Vanguard do their business over the phone as much as possible.  I also suggest that anyone who has done business with them in the recent past closely monitor their payment account for suspicious activity.

[MIKE]

Merged.

[Major Carrales]

I had my credit card "jacked" earlier this year.  I got an e-mail from my Credit Card Company and when I called the number on the back of the card they showed me for purchases in Australia and other parts of the world of which I had no contact.

I had to get a new credit card.  Ironically, I only use my credit card (i'm more of a "cash man") for emergencies and, again ironically, ordering from Vangaurd.

After that, I now send in all my orders via snail mail (no matter how long it takes...normally a week).  I just "pretend" I'm gonna check out, print the screen and send the order with a money order from the USPS.

I am not pleased if the allegation in this post is true.  Not pleased on bit!

[mikeylikey]

Ya....Vanguard sucks.  Don't do business with them.  This is the reason we need NHQ to break their contract with them, and allow any vendor to produce CAP uniform items.  If NHQ doesn't do that, then they SUCK and are only out to screw you and me over (the volunteer).  By continuing to do business with them, CAP says "we don't care about our members, watch them get screwed over".

Oh man.......I really hate Vanguard.   

[dbaran]

Vanguard just confirmed it to me (I'd ordered for the first time in 2 years, got one of their emails, and nearly blew a gasket over the fact that it had my entire credit card number in it!).  Looking at the phishing email, it was sent through Google.  The person at Vanguard said that their web site was completely copied (their words - not mine).  It even had my order history from 2 years ago!    And my order was in their system.  So I am NOT buying the "we got copied" argument.  You can copy a web site, but when an outsider manages to copy the back-end database and insert himself into the order processing chain ... you have some serious IT security issues to address.

20 minutes on the phone with the credit card company to make sure it was cancelled...grr..now I get to call each of the credit bureaus and get a fraud block placed again....

[Major Carrales]

 The person at Vanguard said that their web site was completely copied (their words - not mine).  It even had my order history from 2 years ago!

Fortunately, the Credit Card account I had when I last made an order with them that way has been suspended in favor of another Credit Card number. 

This is quite serious, but it is what happens when we place too much faith in automation.  I have never understood how people could keep a system with such sensative info even on the same physical hardware as the internet.

WOW, I'm glad I've been sending the orders via the post.

[♠SARKID♠]

And now they have a banner at the top of the home page.

In order to avoid exposure to pharming please verify if you are at vanguardmil.com.

Vanguard will NOT send you e-mails requesting personal information.
Please contact us at (800) 433-1334 if you have any question or concern.

I think this calls for me to open a credit card account and do my online business on it, rather than my current process.

[Pylon]

Are they going to issue a statement about what happened, how it was not prevented, and what Vanguard will be changing to prevent this in the future?

[Ned]

Ya....Vanguard sucks.  Don't do business with them.  This is the reason we need NHQ to break their contract with them, and allow any vendor to produce CAP uniform items.  If NHQ doesn't do that, then they SUCK and are only out to screw you and me over (the volunteer).  By continuing to do business with them, CAP says "we don't care about our members, watch them get screwed over".

Oh man.......I really hate Vanguard.   

Another calm, reasoned opinion.   




Guys,

It looks like Vanguard got hacked.  They are victims of a crime, and now someone is trying to make some of us victims as well.

Undoubtedly they will be reviewing their security procedures and will make changes.

But it is worth remembering that every single business on the net could have "better security."  Heck, even Uncle Sam gets hacked with some regularity.  I seem to recall getting a note from the VA saying they had lost some of my information about a year ago.

And it was not the hardworking professionals at NHQ who made the decision to contract with Vanguard.  It was our volunteer leaders on the NB.

Who made the best possible decision at the time.  A decision which has immensely benefited the membership as a whole while returning much-needed training money to serve our members.

Let's give the authorities and Vanguard a reasonable amount of time to conduct an investigation to see what actually happened before screaming for blood and public explanations, shall we?

And in the meantime, take prudent precautions concerning your credit information.

Ned Lee
NHQ Apologist

[Tubacap]

^Concur!

[NC Hokie]

FYI the Vanguard website is STILL hacked...go to www.vanguardmil.com and hover your mouse (DO NOT CLICK!!!!) over the Log In link in the upper right corner.  When you do so, you'll see that the link points to another website.  The rep I spoke with found this to be very interesting and said that he would pass the info along to their IT department as well as the FBI.

From what I can tell (and I may be wrong here, but I think I'm pretty close), the hacker got into the Vanguard server and changed any Log In links to point to his site, processed the orders while copying our info, and passed the orders along to the real Vanguard server for fulfillment and billing.

[♠SARKID♠]

FYI the Vanguard website is STILL hacked...go to www.vanguardmil.com and hover your mouse (DO NOT CLICK!!!!) over the Log In link in the upper right corner.  When you do so, you'll see that the link points to another website.  The rep I spoke with found this to be very interesting and said that he would pass the info along to their IT department as well as the FBI.

And they're trying cover themselves by using https.  Good luck with that when the FBI starts its search...

[Major Carrales]

I am not pleased, but I must concur with the objective stance on this matter proposed by NED.  It is obvious that any US service man that attempted to order from Vanguard was also thusly effected. 

I hope the criminal is caught and dealt with in a fitting manner.

[rjacobs]

The login prompt pointing to a toad.he.net URL isn't part of the hack.  Vanguard uses Hurricane Electric for their site hosting and this is part of their online store setup.  Even so, they could have designed their site better to reduce confusion.

Checking their DNS records (vanguardmil.com) show they use Hurricane Electric for their name servers, and an ARIN search shows their IP address is in the netblock owned by HE.  It doesn't look like any DNS hijacking is going on.

vanguarmil.net is using a dynamic DNS service (afraid.org) for its DNS.  It looks like Vanguard has altered their site to recapture the framed content from the .net site and has put up a short message about verifying the site when this happens.  This started about the same time I started researching all of this.

So, while the login prompt doesn't indicate that they are still hacked, I wouldn't be ordering anything from them while they are still actively working to fix the problems.

[Major Carrales]

I have considered using one of those "load me up" credit cards for such transactions.  In anycase, I will likely never use a credit card for it, so long as they accept mail in orders.

[shorning]

I hope the criminal is caught and dealt with in a fitting manner.

Like making them order from Vanguard?

[Major Carrales]

I hope the criminal is caught and dealt with in a fitting manner.

Like making them order from Vanguard?

I don't know, does Vangaurd sell striped black and white jumpsuits?

[Pylon]

I have considered using one of those "load me up" credit cards for such transactions.  In anycase, I will likely never use a credit card for it, so long as they accept mail in orders.

I don't know what "load me up" credit card means, but my Mastercard allows me to generate "Virtual Account Numbers".  Every time I shop online, I can have a brand new, one-time-use, disposable credit card number.  Stops potential fraud from database hacks and lost data pretty easily - if they got the credit card number I used, it wouldn't be working any longer.

[Major Carrales]

I have considered using one of those "load me up" credit cards for such transactions.  In anycase, I will likely never use a credit card for it, so long as they accept mail in orders.

I don't know what "load me up" credit card means, but my Mastercard allows me to generate "Virtual Account Numbers".  Every time I shop online, I can have a brand new, one-time-use, disposable credit card number.  Stops potential fraud from database hacks and lost data pretty easily - if they got the credit card number I used, it wouldn't be working any longer.

A "load me up" credit card is the type that are ussually sold at gas stations or grocery stores that allow a person to have the benefits of a credit/debit card but not the account.  You "load up the card" when you use it.  If it gets "jacked" no one is harmed and you only lose the monry you put in.  It seems alot like what you described.

I guess we have a regional dialect difference in what it is called.

[desertengineer1]

The current HTML page as of 8 PM CST for login is nolinkhttps://toad.he.net/~vgaurd/store/index.php. (DO NOT GO TO HIS LINK!!!)

A reverse lookup of this DNS gives an IP of 66.160.205.2, which is registered to Hurricane electric in Fremont, CA?  Not sure what's going on there., but it does look like it's still dangerously spoofed.  DO NOT USE THE LOGIN LINK UNTIL IT IS SAFE TO DO SO.

I would ask that Vanguard release a statement to CAP members IMMEDIATELY.   

I don't care if their poor IT guy accidentally fell asleep and their database got hacked.  It is THEIR responsibility to protect sensitive customer data.  Freaking insane....

FYI the Vanguard website is STILL hacked...go to www.vanguardmil.com and hover your mouse (DO NOT CLICK!!!!) over the Log In link in the upper right corner.  When you do so, you'll see that the link points to another website.  The rep I spoke with found this to be very interesting and said that he would pass the info along to their IT department as well as the FBI.

From what I can tell (and I may be wrong here, but I think I'm pretty close), the hacker got into the Vanguard server and changed any Log In links to point to his site, processed the orders while copying our info, and passed the orders along to the real Vanguard server for fulfillment and billing.

[PHall]

Maybe now Vanguard will let people use Pay Pal for their orders.
No credit card numbers to be stolen.

[SAR-EMT1]

Has paypal ever been jacked ?

[NC Hokie]

FYI the Vanguard website is STILL hacked...go to www.vanguardmil.com and hover your mouse (DO NOT CLICK!!!!) over the Log In link in the upper right corner.  When you do so, you'll see that the link points to another website.

In the interest of fairness, I should point out that others have indicated that this redirect may be "business as usual" at Vanguard.  Although that alleviates some of my fear that the site is still jacked, I must admit that this is (IMHO) yet another indicator of the unprofessional image Vanguard seems to have gone out of their way to cultivate.

[NC Hokie]

Maybe now Vanguard will let people use Pay Pal for their orders.
No credit card numbers to be stolen.

That's why I have a PayPal debit card for my online purchases.

[desertengineer1]

I certainly hope so, but toad.he.net link on the login button, in addition to the warning to verify that you are vanguardmil.com is extremely suspicious.  I sent an email to our members to be cautious and call instead of using the link - at least until something comes from Vanguard that everything is OK.

I sure as heck wouldn't trust it.

FYI the Vanguard website is STILL hacked...go to www.vanguardmil.com and hover your mouse (DO NOT CLICK!!!!) over the Log In link in the upper right corner.  When you do so, you'll see that the link points to another website.

In the interest of fairness, I should point out that others have indicated that this redirect may be "business as usual" at Vanguard.  Although that alleviates some of my fear that the site is still jacked, I must admit that this is (IMHO) yet another indicator of the unprofessional image Vanguard seems to have gone out of their way to cultivate.

[Eclipse]

Hurricane Electric is a Colocation Provider (i.e. an ISP), it's likely that's where the VG stores are hosted.

As to PayPal - I would suggest you look into the dispute process with PayPal before you sing their praises, you will find that they are draconian compared to a regular credit card, I have a PayPal account for eBay use, and never pay out of my checking account - I always use a credit card, which they hate because it incurs fees for them. It also then gives you the full dispute process of your charge card, instead of PayPal's ability to seize money from your checking account, withhold funds, etc.

Since we don't actually know what the nature of the compromise really was, its hard to say who's to blame.  I am currently working on credit card security for a major hospitality chain (implementing PCI-DSS), and frankly if most people knew how vulnerable their identity, credit and related information really is to compromise, they would cut up their cards, invest in gold, and bury it in the backyard.

This is the basis of what any business accepting charge cards is supposed to be doing as of today (the spec changes in September): http://en.wikipedia.org/wiki/PCI_DSS

With that said, and knowing what I know, I still use my cards as I always have, because that is simply the nature of the universe today, and the pros and convenience far outweigh the risks.

[mikeylikey]

MY Chase AF Club and Army Club credit cards (O-Club card) has excellent protection.  Like the time the bartender charged me twice for the same 7 drinks I had.  Chase actually contacted me and told me that they noticed the second charge, and would remove it and contact the club for me.  Plus I get 2 reward points if I shop on Base/ Post and one reward point for everything else I buy off post.  Needless to say, the more you drink on base the more free drinks come your way.        

[desertengineer1]

The kicker for me is Vanguard's statement to verify you are on nothing other than vanguardmil.com, but then you see the toad.he.net link.  I think some kind of guidance or assurance is the least they can do.

Hurricane Electric is a Colocation Provider (i.e. an ISP), it's likely that's where the VG stores are hosted.

As to PayPal - I would suggest you look into the dispute process with PayPal before you sing their praises, you will find that they are draconian compared to a regular credit card, I have a PayPal account for eBay use, and never pay out of my checking account - I always use a credit card, which they hate because it incurs fees for them. It also then gives you the full dispute process of your charge card, instead of PayPal's ability to seize money from your checking account, withhold funds, etc.

Since we don't actually know what the nature of the compromise really was, its hard to say who's to blame.  I am currently working on credit card security for a major hospitality chain (implementing PCI-DSS), and frankly if most people knew how vulnerable their identity, credit and related information really is to compromise, they would cut up their cards, invest in gold, and bury it in the backyard.

This is the basis of what any business accepting charge cards is supposed to be doing as of today (the spec changes in September): http://en.wikipedia.org/wiki/PCI_DSS

With that said, and knowing what I know, I still use my cards as I always have, because that is simply the nature of the universe today, and the pros and convenience far outweigh the risks.

[Dragoon]

Man, if we had to privatize the Bookstore (and I'm still not convinced that was the case), I sure wish we'd have gone with a company that had some internet retail experience, not a manufacturer trying to learn retail on our dime.  These "growing pains" would have killed any business that didn't have a monopoly on the market.

[Hawk200]

Maybe now Vanguard will let people use Pay Pal for their orders.
No credit card numbers to be stolen.

I just got  the PayPal plugin. Allows me to create virtual Visa card numbers, complete with expiration dates and CVV codes. Used it a few times. Once the items are paid for, close out the card, and done.

[TankerT]

Just as a related note, members in my wing have reported for the last few months some "suspicious" charges on some cards.  The common thread was Vanguard.  (Some members had only used the card for CAP purchases...)

[cnitas]

I just put in an order about 2 weeks ago.  This makes me glad that I shop exclusively at the Hock. 

[desertengineer1]

Just as a related note, members in my wing have reported for the last few months some "suspicious" charges on some cards.  The common thread was Vanguard.  (Some members had only used the card for CAP purchases...)

Interesting.  Just contested one of those $9 and some change POS transactions a month ago (EASYTEMPLATESRPO.COM).   And yes, I use this card for Vanguard.

[dhon27]

NJWG was forwarded an email yesterday from NER/CC and NJ/CC referencing the Vanguard situation and also referencing recent alleged improprieties by a CAP member in applying for credit cards using CAP members' names, DOB and SSN's taken from MSA's.  From the email, it is not clear if the credit card matter is related to the Vanguard situation.  The email further references the Vanguard matter as relating to CTWG. 

[dhon27]

Text of email:
_____________________

To all Members,

   

    Please note the following advisory regarding attempted credit card fraud by a CAP member.



Col Robert J. McCabe, CAP

Commander, NJ Wing

--------------------------------------------------------------------------------

Commanders,

I would like to take this opportunity to alert you about an incident with one of our CAP members.  This individual was caught allegedly applying for multiple credit cards. The victims names, date of birth, and social security numbers were taken from different MSA's.

The attachment pertains to an incident in CT Wing regarding Vanguard.

Please share this information with your staff and members.


Col Robert Diduch
NER/CC







--------------------------------------------------------------------------------

Gas prices getting you down? Search AOL Autos for fuel-efficient used cars.
Official Announcement of Activities, Events and Policies of
New Jersey Wing, Civil Air Patrol
United States Air Force Auxiliary
_______________________________________________
NJCAP mailing list
NJCAP@njwg.cap.gov
http://njwg.cap.gov/mailman/listinfo/njcap

To National HQ, Northeast Region HQ and CTWG Officers As a follow-up, the CTWG member contacted Vanguard, and ascertained the following: ///////////////////////// Begin Text //////////////////////////// I spoke to the real Vanguard and they explained to me that the only info that the fake could get was the credit or debit card number. They could not get the expiration date or the security code on the back of the card. It should be safe to purchase from Vanguard. here is the Vanguard contact info.
Dear Valued Customer, You are receiving this message as a courtesy notice because you placed an order with Vanguard Industries East, Inc. (Civil Air Patrol) either on or after July 4th.  We would like to advise you that Vanguard will never contact you requesting personal information after your order has been placed.  Please contact us at 1-800-221-1264 if you have recently received such a request. Thank you, Melissa AlarconInternet SalesVanguard Industries West, Inc.Ph# 1-800-433-1334 ext. 165email:malarcon@vanguardmil.com
/////////////////////////////////////////// End Text //////////////////////////////////////////////

On 7/7/08, Peter Jensen wrote:
For National HQ, Northeast Region HQ, and all CTWG Officers I received the following email from a CTWG member today about the Vanguard website. This website may have been "hijacked," possibly by those seeking to commit identity theft.   Pete Jensen, Col, CAPCommanderConnecticut Wing

---------- Forwarded message ----------
From:
Date: Jul 7, 2008 2:39 PM
Subject: Hijacked vanguardmil website
To: Peter Jensen

It has come to my attention that the website for vanguardmil.com military clothing has been hijacked. If an order is placed you might get a response from vanguardmil.net asking for additional information like photo id such as drivers license, bank statement, etc. Here is what I received from the fake vanguard email. Please disseminate the info to all interested parties.  Hi David, Thank you for your recent Order #070408-163812-1039 at Vanguard Industries, Inc.We regret to inform you that we need further information to verify the status of the transaction that you made through your credit card number XXXXXXXXXXXXXXPlease understand that this also helps to reduce the risk that any other person misuses your credit card. Anybody, who has your credit card number and expiry date, can you use your credit card on the Internet for making payment. For us, it is important to protect our customers and ourselves from fraudulent transactions.To continue processing your order, please provide us following documents:

Front and backside of credit card that you placed this order with.
Photo-ID card (such as driver's license, passport) showing the same name & signature as the credit card.
One recent bank statement or utility bill (optional)
You can send the verification documents by replying or writing a new email to: order@vanguardmil.net
You will notice the .net not .com.

[Redacted various email addresses]

[Eclipse]

The current HTML page as of 8 PM CST for login is nolinkhttps://toad.he.net/~vgaurd/store/index.php. (DO NOT GO TO HIS LINK!!!)

Well that's just great, I though you meant not to not go to the link!
I now have a temporal anomaly in the middle of my living room asking me for my mother's maiden name! 

Thanks a lot!   

[mikeylikey]

Shame on that CAP member for stealing other members identities.  For each offense, 5 years in FEDERAL Prison should do nicely. 

Perhaps that is why we shouldn't be using our Social Security Numbers in CAP. PERIOD!

[flyguync]

One orf my Fmr cadets mother was charged and convicted with CC fraud & Idenity Theft,and here is her sentence -

three months of home detention, 25 hours of community service and five years of probation following her conviction on a charge of identity theft related credit card fraud and was also sentenced to pay $7,500.00 in restitution.

[desertengineer1]

One orf my Fmr cadets mother was charged and convicted with CC fraud & Idenity Theft,and here is her sentence -

three months of home detention, 25 hours of community service and five years of probation following her conviction on a charge of identity theft related credit card fraud and was also sentenced to pay $7,500.00 in restitution.

And she will never get a job beyond minimum wage - ever...

[desertengineer1]

I'm still confused as to the validity of that link.  For now, I'm pressing with the instruction from Vanguard not to trust anything other than vanguardmil.com.  They need to be very specific and accurate on the instructions.

The current HTML page as of 8 PM CST for login is nolinkhttps://toad.he.net/~vgaurd/store/index.php. (DO NOT GO TO HIS LINK!!!)

Well that's just great, I though you meant not to not go to the link!
I now have a temporal anomaly in the middle of my living room asking me for my mother's maiden name! 

Thanks a lot!   

[Eclipse]

I'm still confused as to the validity of that link.  For now, I'm pressing with the instruction from Vanguard not to trust anything other than vanguardmil.com.  They need to be very specific and accurate on the instructions.

The current HTML page as of 8 PM CST for login is nolinkhttps://toad.he.net/~vgaurd/store/index.php. (DO NOT GO TO HIS LINK!!!)

Well that's just great, I though you meant not to not go to the link!
I now have a temporal anomaly in the middle of my living room asking me for my mother's maiden name! 

Thanks a lot!   

The vgmil.net link appeared to be a hijacked "sound-alike" domain that was used for the attack and has now been taken over by VG.

[Eclipse]

NJWG was forwarded an email yesterday from NER/CC and NJ/CC referencing the Vanguard situation and also referencing recent improprieties by a CAP member in applying for credit cards using CAP members' names, DOB and SSN's taken from MSA's.  From the email, it is not clear if the credit card matter is related to the Vanguard situation.  The email further references the Vanguard matter as relating to CTWG. 

MSA's should only include the last 4 digits.  Most bases and related resources we have to provide that info to have adjusted their requirements.

[mikeylikey]

MSA's should only include the last 4 digits.  Most bases and related resources we have to provide that info to have adjusted their requirements.

I don't even like giving the last four digits out.  Have you noticed ho many retailers and businesses ask for the last four of your soc?? 

Hell.....in a year Gov't ID cards won't even have the Social printed on them, CAP made good strides giving us all ID numbers instead of using our SOC SEC NUMBs....but that needs to keep going.  There is NO REASON for the military to have access to any part of the CAP members social, not even for an MSA!  What are they using it for other than tracking purposes, and then they can easily use the CAPID # anyway.

[Ned]

In one of those "only on CAP-Talk" coincidences, the NB will take up a recommendation to eliminate SSNs from TAs and MSAs at the August meeting.  At this point, it appears that the requirement for the SSN on those documents is a USAF thing.  However, there is reason to believe that the USAF will accomodate our request and eliminate the requirement.



Once the agenda becomes public, review the item and advise your NB member appropriately.

(I predict it will pass easily.)

Ned Lee

[Eclipse]

In one of those "only on CAP-Talk" coincidences, the NB will take up a recommendation to eliminate SSNs from TAs and MSAs at the August meeting.  At this point, it appears that the requirement for the SSN on those documents is a USAF thing.  However, there is reason to believe that the USAF will accommodate our request and eliminate the requirement.

That's fine for CAP & the USAF, but many of us operate on bases of other services, and the 4-digits on the MSA is required for base access.

[davidsinn]

Stupid question here: MSA?

[flyguync]

Military Support Authorization

[davidsinn]

Thanks.

[Eclipse]

Military Support Authorization

Generally a letter, form, etc., depending on the venue, that the State Director writes authorizing or requesting use of a military facility or resource.

In our case, the request must include a complete list of participants in advance, including parents, etc , (for graduation), which contains full name, grade, CAP ID, last 4 SSN, home city and home unit (info filled in as applicable).

It'll usually contain verbiage referencing AFI-2701, as well as general information on providing emergency medical care and "Space-A" services.

[mikeylikey]

Military Support Authorization

In our case, the request must include a complete list of participants in advance, including parents, etc , (for graduation), which contains full name, grade, CAP ID, last 4 SSN, home city and home unit (info filled in as applicable).

Since the AF does not (and should not) have any CAP members Social, why do they even request the last four?  How are they to use that info.........Social Security Cards are not supposed to be accepted by federal agencies for identification since 2001.  All that is needed is the CAPID, Name and address.  If you want to add rank or grade, fine.....but not required.  Overachieving Security force/patrol/unit commander at your installation perhaps??

Less risk of Id theft is the best bet. 

Seriously, I could give them 1,2,3,4 for the last four of my Social and no one would be any wiser......I think. 

[CFI_Ed]

Hmm - all the MSA's we've generated in the OK Wing in the last year or so have only used the CAP ID. 

[MIKE]

Drift warning.  Alter course immediately.

[SAR-EMT1]

I dunno Mike, I see the drift as related to the intent of the thread: protection of personal information.

[Eclipse]

Since the AF does not (and should not) have any CAP members Social, why do they even request the last four?  How are they to use that info.........Social Security Cards are not supposed to be accepted by federal agencies for identification since 2001.  All that is needed is the CAPID, Name and address.  If you want to add rank or grade, fine.....but not required.  Overachieving Security force/patrol/unit commander at your installation perhaps??

Less risk of Id theft is the best bet. 

Seriously, I could give them 1,2,3,4 for the last four of my Social and no one would be any wiser......I think. 

This is not a USAF request, but a base security request, can't say for sure whether its over zealous or not, but I suspect its the same SOP for civilians who come on base for BMT graduations.

[mikeylikey]

^ Still don't understand how the last 4 of a social will help identify people coming on base.  Unless they use it to track how many times you actually come on base, but they could do that by way of drivers license number.  I have never been to any installation where I was asked to show my Social Security Card. 

Weird.

Anyway.......I ordered from Vanguard today (I had too, my Cadets are idiots), but used a "greendot" prepaid credit card that I purchased with the cadets money (I rarely use my own money for cadets, they can pay me upfront).  The service charge for the prepaid card was $3.50, which I split between the 7 Cadets making purchases.  So for Vanguards mistakes and my refusal to be a victim, my Cadets are suffering by being forced to pay a service fee from now on.  I was called a jerk for doing that, but that is the world we are living in today.  Thanks Vanguard!

[Eclipse]

Anyway.......I ordered from Vanguard today (I had too, my Cadets are idiots), but used a "greendot" prepaid credit card that I purchased with the cadets money (I rarely use my own money for cadets, they can pay me upfront).  The service charge for the prepaid card was $3.50, which I split between the 7 Cadets making purchases.  So for Vanguards mistakes and my refusal to be a victim, my Cadets are suffering by being forced to pay a service fee from now on.  I was called a jerk for doing that, but that is the world we are living in today.  Thanks Vanguard!

You're a jerk for adding 50 cents to an order to protect your own personal finances?

Tell them to get a clue and place the order themselves.

Man, the world we live in.