A Data Breach Exposes Sensitive Information of 30,000 Department of Defense Personnel
The Pentagon is one of the world's most important buildings, and the US Defense Department has done a lot to ensure that you can't just walk through the front door and roam around freely. In fact, simply getting in is quite difficult. It would appear, however, that getting the personal information of people who work inside the Pentagon isn't that hard.
On October 12, Associated Press (AP) reported that a cyberattack has affected at least 30,000 Department of Defense (DoD) workers. The first thing we should point out is that no classified information has been leaked.
It's not as bad as it sounds
In actual fact, we're not talking about a sophisticated state-sponsored cyber operation designed to break the security of one of the world's most important organizations. Instead, we're talking about an attack aimed at a contractor that provided travel management services to DoD workers.
The breach was discovered on October 4, but there's no telling when the hackers broke in for the first time. The vendor, which is likely to lose its contract very soon, remains unnamed for security reasons, and since the investigation is ongoing, the number of affected DoD staff might grow. Officials told AP that victims will soon be notified and will receive fraud protection services.
At first glance, then, the news isn't quite so bad. After all, no state secrets or any other potentially war-starting information has been compromised. This is indeed true, but the incident is still disconcerting.
The breach shouldn't be overlooked
In addition to credit card details, the crooks stole data that, according to DoD, could include Personally Identifiable Information (PII). Let's not forget that Defense Department workers (both military and civilian) are concerned. We don't know who was affected, how high up the ranks they are, and how likely they are to be targeted by foreign adversaries that are after more than just a shopping spree at somebody else's expense.
At the very least, the incident should be a bright warning light, which, curiously enough, started flashing mere days after a report from the US Government Accountability Office highlighted some serious cybersecurity shortcomings in DoD's new weapon systems.
If someone at the Pentagon is underestimating the importance of cybersecurity, we hope that they stop doing it. It will be for the greater good of everybody.