Personal data of thousands of US Marines, sailors and civilians has been accidentally disclosed after an unencrypted email was sent to the wrong email distribution list.
According to Marine Corps Times, 21,426 people are affected by the breach, with truncated social security numbers, bank details, truncated credit card information, mailing address, residential address and emergency contact information all included.
The email containing the data was sent within the usmc.mil official unclassified Marine domain, but also to some civilian accounts by the Defense Travel System, a Defense Department system that assists military and civilian defense personnel with travel itineraries and settling expenses from official authorized trips.
The Marines plan to implement future changes to better safeguard personally identifiable information, but Marine Forces Reserve spokesperson Andrew Aranda believed “no malicious intent was involved.
“The Marine Corps takes the protection of individual Marines’ private information and personal data very seriously, and we have steps in place to prevent the accidental or intentional release of such information,” Aranda said.
Paul Edon, director at Tripwire, said: “With potentially highly confidential data stored on military systems, it is imperative that these systems are performing regular threat assessments. This includes examining the level of admin privileges granted to individuals to avoid accidental data leaks occurring again.
“To reduce further exploitation, victims must change passwords and account details immediately. With critical personal and financial data exposed it is strongly recommended victims continuously check their bank accounts and monitor for potential signs of identity theft, which in the moments after the breach, is when individuals are most vulnerable.”