A $100,000 reward was offered Tuesday to help solve the theft of a database containing the names and Social Security numbers of 500,000 military personnel and their dependents.
Authorities fear criminals could use the information to create false identities and then fraudulently apply for credit cards and bank loans.
The data were contained in computer equipment stolen from TriWest Healthcare Alliance, a Phoenix-based company that operates the Tricare managed-care program in 16 states for the Pentagon. Californians were not affected.
Investigators don't know the motive behind the Dec. 14 break-in, and so far there is no evidence that thieves have used the information in the computers.
Betsy Broder, an attorney for the Federal Trade Commission specializing in stolen identity issues, said the theft of personal data for half a million people may be unprecedented.
Identity theft was far and away the largest consumer fraud complaint in 2001, according to the FTC, accounting for 42% of all complaints. It can be perpetrated by the theft of computers, electronically hacking into computer systems or stealing personal documents from the trash.
In New York, authorities in November charged three men with stealing financial information on about 30,000 consumers by using pilfered corporate passwords to access data from the three major credit reporting bureaus.
Last spring, a computer hacker breached a data center containing personal information on 265,000 California state employees, but there has been no indication that the data were used.
TriWest, which posted Tuesday's reward, provides managed health care for 1.1 million members of the military, its retirees and dependents. The theft involved data on beneficiaries enrolled in the central region of its Tricare Prime program. The company has backup files to replace the stolen data, and it warned its clients not to speak to anyone seeking information about their enrollment.
The company advised clients to contact the nation's three credit reporting bureaus to place fraud alerts in their files. In such cases, the companies are required to notify clients if or when credit card applications are made in their names.
Authorities are releasing little specific information about the Dec. 14 break-in, so they can better assess the accuracy of any tips generated by the reward.
"We won't talk about exactly what was taken, nor security at the location," said Pat Schneider, chief of the criminal division of the U.S. attorney's office in Phoenix.
Although the information included the home addresses of members of the military, it cannot be used to gain access to military bases and the crime is not believed to be related to terrorism, Schneider said.
"We're focusing on the identity theft angle, because we have to be most concerned about potential victims having their identities stolen," Schneider said.
The investigation is being pursued by the FBI, Secret Service, Defense Criminal Investigative Service, Social Security Administration and local law enforcement.
The incidence of identity theft is increasing dramatically, Broder said. In 2001, the FTC consumer hotline received 86,000 complaints of such theft, and through the first six months of 2002, 70,000 complaints were received, she said.
By some estimates, as many as 700,000 people a year are victims of identity theft -- discovered when they find their bank accounts drained or large debts on unauthorized credit cards.
On average, each stolen identity results in about $17,000 in fraudulent charges, said Jay Foley, director of consumer and victim services for the Identity Theft Resource Center, a San Diego-based nonprofit organization.
"If you were to provide me with a half-million names and Social Security numbers and I opened up just one credit card per name and maxed it out at $5,000, just imagine the impact," he said.
Making this theft more potentially dangerous, he said, was that the victims were members of the military, retirees or dependents -- "people who probably don't have excessive credit."
"If the last credit account they opened was five years ago, who'd question a new application for credit? How deeply will the credit application be screened?" he said.
"There are a number of companies out there which are very slow in the screening process and who may not do a full credit check."
David J. McIntyre Jr., chief executive officer of TriWest, said Tuesday that the company is reviewing its security systems.
The FTC referred TriWest clients to the agency's Web site, www.consumer.gov/idtheft.