The Pentagon says a “data breach incident” first discovered in early 2023 may have exposed sensitive personal information online to an undisclosed number of current and former employees, job applicants and others. I’m warning my partner.
DefenseScoop has seen a Feb. 1, 2024, notice sent by the Defense Intelligence Agency to longtime Pentagon employees encouraging them to sign up for government-provided identity theft protection services in response to the revelations.
“This letter is to inform you of a data breach incident that may result in the compromise of your Personally Identifiable Information (PII). An email message was accidentally published on the Internet. [DOD] service provider. Unfortunately, some of these email messages contained his PII related to individuals employed or supported by, or seeking employment with, the Department of Defense. “Although there is no evidence to suggest that your girlfriend’s PII has been misused, the Department is notifying individuals whose PII may have been compromised as a result of this unfortunate situation,” the document states. It has been.
Broadly defined, PII refers to any data that can be used to identify or track an individual’s identity, such as address, social security number, credit card information, and biometric records.
In response to questions, the DIA referred DefenseScoop to a Pentagon spokesperson, but did not later say how many people may have been affected by the incident or which service providers were involved. .
“As a matter of practice and operational security, we do not comment on the status of our networks and systems. The affected servers have been identified and removed from public access on February 20, 2023, and the vendor is responsible for the exposure.” “We have resolved the issue that resulted in this issue,” the spokesperson said.
He also did not say when authorities first began notifying people that their data may have been compromised more than a year ago.
“The Department of Defense continues to work with service providers on improving the prevention and detection of cyber events. Notification of affected individuals is ongoing,” a spokesperson told DefenseScoop.
In a letter mailed to people who may have been victims of the exposure, the DIA said that in the aftermath of this incident, the agency is working with service providers to understand what happened and plan future He also mentioned that the company has changed procedures and introduced additional functions to deal with abnormalities in order to reduce risks. Configure detections and alerts appropriately.
“This incident involved multiple departmental organizations. Each organization investigated the affected information and determined whether personal data was included in the exposure. After this analysis, multiple organizations A small portion of the data required a secondary review to verify the identity and contact information of affected individuals. This entire evaluation process took several months. We have obtained Identity Protection Services Agreements for affected individuals at organizations. The agreements will be signed in September 2023, and each affected organization will actively work with its contractors to notify affected individuals. ,” a Pentagon spokesperson told DefenseScoop.