The US Navy has admitted to a data breach that exposed personal and sensitive information of 130,000 current and former sailors.
According to a US Navy statement, the organization was initially made aware of the breach at the end of October by Hewlett Packard Enterprise Services. HPE said that a company laptop being used by an “employee supporting a Navy contract” was compromised. Sensitive information - including names and Social Security Numbers (SSNs) of 134,386 sailors - was accessed by “unknown individuals.”
The Navy said it will be informing all those affected within the next few weeks, and is reviewing credit monitoring service options for affected sailors. So far there has been no sign that any of the data has been misused in any way, the Navy’s report said.
"The Navy takes this incident extremely seriously. This is a matter of trust for our sailors," said Chief of Naval Personnel Vice Adm. Robert Burke. "We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach."
In a statement released to Infosecurity Magazine, HPE refused to elaborate on the nature of the compromise or how it was discovered. "The security and privacy of our clients is a top priority for HPE. This event has been reported to the Navy and because this is an ongoing investigation, HPE will not be commenting further out of respect for the privacy of Navy personnel," the statement said.
The US military is no stranger to data breaches. The huge hack on the US Office of Personnel Management exposed data on around 20 million people, many of them military and other federal government employees.
This announcement comes at a particularly embarrassing time for the US military, as it has just launched a ‘Hack the Army’ bug-bounty program. The Army will be offering cash rewards to anyone who finds a vulnerability in public-facing Army websites.