The Pentagon said it suffered a cybersecurity breach during which the US Defense Department travel documentation was affected. Personal data and credit card information of the US military officers and a large number of civilian personnel at the department have been both compromised.
According to information from a trusty employee at the department said to the Securityweek, the cybersecurity breach has affected more than 30,000 employees. However, the victims` number is likely to be much higher as the investigation is still ongoing. It is unclear when this privacy breach happened, it may have happened a long time ago, but it was only recently discovered.
The military official who spoke with Securityweek insists on being totally anonymous because the investigation is still not done, and probably because of concerns about his own security. He claims there is no evidence that classified information has been compromised, but leaking personal data is a big enough shame for such a large-scale military structure as the US Defense Department.
According to the Pentagon's official statement, the department cyber team informed its leaders about the breach on October 4.
"It's important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population" of Defense Department personnel, said Lt. Col. Joseph Buccino, a Pentagon spokesman. He added that the ministry is still collecting information on the scale and scope of the hacker attack and on who the penetrator was.
There is no information who the hacked contractor of the US Defense Department is, and there are no details about the hacker attack.
"The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel," said Buccino in the statement. He also said that due to security reasons, the department is not identifying the hacked vendor. According to the official statement, the company is still under contract but the department has already taken steps to annul it.
The disclosure of the Pentagon cybersecurity breach happens just after a federal report release that concluded that military weapons programs are vulnerable to cyber-attacks and the Pentagon fails to protect its systems.
The report also describes many other security breaches that have affected US federal government agencies over the past few years, including compromising personal and medical information, social security numbers, and more. The report is published by the U.S. Government Accountability Office and it also states that the Pentagon has worked to ensure its networks are secure, but only recently began to focus more on its weapons systems security. The security audit was conducted between September 2017 and October 2018 and it has found that there are "mounting challenges in protecting its weapons systems from increasingly sophisticated cyber threats."