Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

Penta-gone! Personal records of 30,000 US Dept of Defense workers swiped by miscreants

Travel details for thousands of citizens slip into hands of slippery scumbags

Shaun Nichols in San Francisco Mon 15 Oct 2018  //  18:25 UTC

Someone has reportedly siphoned personal information on 30,000 or more US Department of Defense workers.

According to anonymous sources at the Pentagon in Washington DC, an unnamed individual was able to access department travel records earlier this year, and would have been able to log employees' submitted personal information – such as names, dates of birth, and credit card numbers.

A US military spokesperson was not available to confirm or comment on the claims.

Both military and civilian workers are believed to have been caught up in the theft, and current estimates sit at roughly 30,000 people having their records exposed to miscreants, with that number set to climb as the investigation continues.

Vendor fingered

The data theft is said to have occurred not within the Pentagon itself, but rather with a third-party vendor it uses to book travel. The vendor was not identified.

"It’s important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population," a DoD official was quoted as telling Associated Press. "The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel."

Word of the data spill comes as the DoD is looking to kick off a major reorganization of its IT operations with the awarding of the 10-year $10bn JEDI contract program. Cloud vendors are being asked to put together proposals that would see a single vendor get the task of creating a new cloud system to handle operations for the entire department.

That an outside vendor would be tangled up in the theft of personally sensitive information just as the Pentagon looks to offload the bulk of its agency and employee data to another third party with JEDI is not a particularly good look.

Still, a mere 30,000 personnel records would actually be huge improvement from the government's worst data fumble, the 20 million-plus records stolen by Chinese hackers in the 2015 OPM mega-hack. ®
Send us news
15 Comments

Schneier tries to rip the rose-colored AI glasses from the eyes of Congress

DOGE moves fast and breaks things, and now our data is at risk, security guru warns in hearing

US infrastructure could crumble under cyberattack, ex-NSA advisor warns

PLUS: Doxxers jailed; Botnets bounce back; CISA questioned over app-vetting program closure; And more

Aussie businesses now have to fess up when they pay off ransomware crims

Move should help government track infections and plan new legislation

Why is China deep in US networks? 'They're preparing for war,' HR McMaster tells lawmakers

House Homeland Security Committee takes a field trip to Silicon Valley

European pols wave their hands about digital sovereignty with broad but vague plan

One Dutch developer called it a 'nothingburger'

AT&T not sure if new customer data dump is déjà vu

Re-selling info from an earlier breach? Probably. But which one?

Reddit sues Anthropic for scraping content into the maw of its eternally ravenous AI

All the cool kids signed licensing deals with the recently-listed forum site

Boffins found self-improving AI sometimes cheated

Instead of addressing hallucinations, it just bypassed the function they built to detect them

American science put on starvation diet

National Science Foundation FY 2026 budget cut by more than 60%

ConnectWise customers get mysterious warning about 'sophisticated' nation-state hack

Pen tester on ScreenConnect bug: This one ‘terrifies’ me

Meta – yep, Facebook Meta – is now a defense contractor

Giving people the power to build community and bring the world closer together so we can shoot them

Data watchdog put cops on naughty step for lost CCTV footage

Greater Manchester Police reprimanded over hours of video that went AWOL