Someone has reportedly siphoned personal information on 30,000 or more US Department of Defense workers.
According to anonymous sources at the Pentagon in Washington DC, an unnamed individual was able to access department travel records earlier this year, and would have been able to log employees' submitted personal information – such as names, dates of birth, and credit card numbers.
A US military spokesperson was not available to confirm or comment on the claims.
Both military and civilian workers are believed to have been caught up in the theft, and current estimates sit at roughly 30,000 people having their records exposed to miscreants, with that number set to climb as the investigation continues.
The data theft is said to have occurred not within the Pentagon itself, but rather with a third-party vendor it uses to book travel. The vendor was not identified.
"It’s important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population," a DoD official was quoted as telling Associated Press. "The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel."
Word of the data spill comes as the DoD is looking to kick off a major reorganization of its IT operations with the awarding of the 10-year $10bn JEDI contract program. Cloud vendors are being asked to put together proposals that would see a single vendor get the task of creating a new cloud system to handle operations for the entire department.
That an outside vendor would be tangled up in the theft of personally sensitive information just as the Pentagon looks to offload the bulk of its agency and employee data to another third party with JEDI is not a particularly good look.
Still, a mere 30,000 personnel records would actually be huge improvement from the government's worst data fumble, the 20 million-plus records stolen by Chinese hackers in the 2015 OPM mega-hack. ®