b. WERE AFFECTED INDIVIDUALS NOTIFIED?
3.a. NUMBER OF INDIVIDUALS AFFECTED
(1) If Yes, were they notified within 10 working
days?
(1) Contractors
Yes
No
Yes
No
(2) If Yes, notification date
(3) If Yes, number of individuals notified:
(MM/DD/YYYY)
(2) DoD Civilian Personnel
(3) Military Active Duty Personnel
(4) If notification will not be made, explain why, or if number of individuals notified differs from total
(4) Military Family Members
number of individuals affected, explain why:
(5) Military Reservists
(6) Military Retirees
(7) National Guard
(8) Other
:
(Specify)
(6) If Yes, number of individuals offered credit
(5) If applicable, was credit monitoring offered?
monitoring:
Yes
No
4. PERSONALLY IDENTIFIABLE INFORMATION (PII) INVOLVED IN THIS BREACH
(X all types that apply)
*If Financial Information was selected, provide additional detail:
(1) Names
(7) Passwords
(2) Social Security Numbers
(8) Financial Information*
(a) Personal financial information
(3) Dates of Birth
(b) Government credit card
If yes, was issuing bank notified?
(9) Other (Specify):
(c) Other (Specify):
(4) Protected Health Information (PHI)
Yes
No
(5) Personal e-mail addresses
(6) Personal home addresses
5. SELECT ALL THE FOLLOWING THAT APPLY TO THIS BREACH
b. EQUIPMENT
a. PAPER DOCUMENTS/RECORDS
(If selected, provide additional detail)
detail)
(If selected, provide additional
(1) Paper documents faxed
(1) Location of equipment
(2) Paper documents/records mailed
(2) Equipment disposed of improperly
0
(3) Paper documents/records disposed of improperly
(3) Equipment owner
0
(4) Unauthorized disclosure of paper documents/records
(4) Government equipment Data At Rest (DAR) encrypted
0
(5) Other (Specify):
(5) Government equipment password or PKI/CAC protected
0
(6) Personal equipment password protected or commercially encrypted
0
c. IF EQUIPMENT, NUMBER OF ITEMS INVOLVED
(7) Flash drive/USB stick/other
(If Other, Specify):
(1) Laptop/Tablet
(4) MP3 player
removable media
(2) Cell phone
(5) Printer/Copier/Fax/Scanner
(8) External hard drive
(3) Personal Digital Assistant
(6) Desktop computer
(9) Other
e. INFO DISSEMINATION
d. EMAIL
(If selected, provide additional detail)
(If selected, provide additional detail)
(1) Email encrypted
0
(1) Information was posted to the Internet
0
(2) Email was sent to commercial account (i.e., .com or .net)
0
0
(2) Information was posted to an intranet
(e.g., SharePoint or Portal)
(3) Email was sent to other Federal agency
0
0
(3)
Information was accessible to others without need-to-know on a share drive
0
0
(4) Email recipients had a need to know
(4) Information was disclosed verbally
0
(5) Recipients had a need to know
f. OTHER
(Specify):
b. IMPACT DETERMINATION
6.a. TYPE OF INQUIRY
(for
(If applicable) (Click to select) (If Other, specify)
Component Privacy Official or designee
use only) (X one)
Low
Medium
High
c. ADDITIONAL NOTES
(Up to 150 words, bullet format acceptable)
NOTE: Do NOT include PII or Classified Information.
DD FORM 2959 (BACK), FEB 2013