Pentagon recently announced that Defense Department has suffered a data breach that exposed the personal and credit card information of some U.S. military and civilian personnel.
According to the official statement, attackers allegedly gained unauthorized access to the sensitive information through a system that stores travel records. The system was maintained by a third-party contractor. “The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel,” said the statement.
The Associated Press quoted an official who stated that the incident might affect at least 30,000 individuals and the number may increase in the future. The data breach, which is believed to have happened some months ago, was disclosed on October 4, the report stated.
Lt. Col. Joseph Buccino, a Pentagon spokesman, stated the details of the third-party vendor were not disclosed due to security reasons. “It’s important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population,” he added.
The disclosure of the data breach comes on the heels of the latest report by that highlighted the cyber vulnerabilities in the DOD weapons systems. According to the report, DOD testers frequently found “mission-critical cyber vulnerabilities” in almost every weapon system they were developed between 2012 and 2017. “Testers were able to take control of these systems and largely operate undetected. In some cases, system operators were unable to effectively respond to the hacks,” the report added. “Furthermore, DOD does not know the full scale of its weapon system vulnerabilities because, for a number of reasons, tests were limited in scope and sophistication.”
In the report, GAO was also critical of DOD’s attitude toward cybersecurity. GOA stated that it and others have warned DOD “of cyber risks for decades, until recently, DOD did not prioritize weapon systems cybersecurity. Finally, DOD is still determining how best to address weapon systems cybersecurity.”