Around 30 000 of the military workers got affected in Pentagon breach

Pentagon data breach revealed travel records of more than 30,000 civilians and military staff

Security flaw yet again affected the Pentagon and 30 000 of military staff.

Department of Defense (DoD) encountered a serious cyber breach involving personal information, credit card data, and travel records of numerous of its employees.^[1] According to the U.S officials, the breach could have affected more than 30,000 of personnel. Unfortunately, the number of affected DoD employees keeps growing as the investigation team continues its research. There is also a possibility that the breach happened a while ago, not on October 4th when it was discovered.

According to reports, the Pentagon suffered from a data breach due to a third-party contractor. An attacker or a group of them compromised the vendor's access to the Pentagon network to steal travel data of DoD workers. Officials from the Department of Defense have already approved that both, payment card information and personal data, was revealed in the incident.

However, the process of investigation is still not finished. As the military officials claim, the procedure may take a while:

The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel.

Impacted people will be notified in the nearest future

The U.S military and the Department of Defense are working towards informing all affected staff members. They expect to finish this procedure in the upcoming weeks.

Additionally, they are willing to provide free fraud protection services according to US legislation^[2]. The responsible party hasn't been identified yet, so no additional details about the breach can be revealed.

Lt. Col. Joseph Buccino has already stated that the vendor won't be identified due to security reasons. Buccino also said that the vendor remains under the contract:

It’s important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population.

Fortunately, the classified material hasn't been compromised due to the unnamed commercial vendor that provided a service for the military.^[3]

Not the first security issue related to the Pentagon

The department continues investigating the matter and risks. However, this is not the first issue^[4] regarding the security of the DoD. In recent months, the military of United States also hit the headlines because of the bad protection on its weapon systems. The particular issue involved the tech vendor and provided default passwords.

Another issue regarding the Pentagon^[5] was revealed when the main concern surrounding the cybersecurity and the usage of applications and gadgets that show the location, sensitive information about US Military appeared. Fortunately, that were only testers who revealed the previously mentioned issues:

Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications. In addition, vulnerabilities that DOD is aware of likely represent a fraction of total vulnerabilities due to testing limitations.