Pentagon data breach exposed 30,000 travel records
The U.S. Department of Defense suffered a data breach through a third-party vendor resulting in at least 30,000 service members and employees having some of their personal and payment card information compromised.
The Pentagon leadership was informed of the breach on October 4 that the unnamed vendor was compromised exposing the PII and credit card information of the military members and civilian workers, according to the Associated Press. The type of attack has not been released, but on source told The AP that no classified data was involved.
A Pentagon spokesman told The AP that the vendor in question is still under contract, but the DoD has taken steps to cut ties with the company.
Hackers target contractors because they are often thought of as the weakest link in the government supply chain,” Jake Olcott, Bitsight’s VP of Strategic Partnerships.
Pentagon and federal employees are no strangers to having their personal information exposed. In 2015 21.5 million current and former government employees were involved in the Office of Personnel Management data breach.
“The treasure trove of personally identifiable data on the Dark Web just continues to grow, enabling fraudsters and steal identities or create new, synthetic identities using a combination of real and made-up information, or entirely fictitious information. For example, the personal and credit card information obtained in the DoD breach could be cross-referenced with data obtained from the OPM breach and other widely publicized private sector breaches,” said Michael Magrath, OneSpan’s director, global regulations and standards.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise