DoD agency suffers data breach, potentially compromising Social Security numbers

Author:
Publish date:
Air Force Master Sgt. Jesse Crawford (left) and Jonathan Timko, battlefield spectrum managers, conduct radio frequency surveys in East Africa. The spectrum management team used a variety of mobile RF analyzers and took measurements accross the CJTF-HOA area of responsibility, September 2, 2019.

Air Force Master Sgt. Jesse Crawford (left) and Jonathan Timko, battlefield spectrum managers, conduct radio frequency surveys in East Africa. The spectrum management team used a variety of mobile RF analyzers and took measurements accross the CJTF-HOA area of responsibility, September 2, 2019.

The Defense Information Systems Agency, an arm of the U.S. Department of Defense that handles secure communications and IT for the president and others, confirmed that it experienced a data breach in the middle of 2019. The agency has revealed little about the incident.

According to a DISA Feb. 11 letter that was sent to individuals whose personal information “may have been compromised,” the breach occurred between May and July last year. The letter further stated that DISA has since improved its security measures and protocols and that potential victims of identity theft would receive free credit monitoring.

In an email to Government Technology, DoD spokesman Chuck Prichard didn’t reveal whether the breach involved more sensitive records than nonsensitive records, but he said the personally identifiable information “included names and Social Security numbers.”

Prichard said that while DoD and DISA take cybersecurity and breaches “very seriously,” they do not plan on revealing certain details about this incident.

“For operational security reasons, the department does not comment on the actions taken to mitigate risks or vulnerabilities,” he said.

In a news and career advice article for ClearanceJobs, a defense- and security-focused job networking site, former senior military strategist Steve Leonard said he received the DISA letter and was not satisfied with its message.

“For once, I’d like to receive a letter that actually explained what happened,” Leonard said in his article. “In this case, the breach occurred months ago, plenty of time for DISA to identify the cause of the breach and offer some sort of explanation.”

Last year was notable for the number of data breaches, according to multiple sources. Earlier this month, company Risk Based Security stated that 15.1 billion records were reportedly exposed by breaches in 2019, a 284 percent jump from 2018. A report from nonprofit Identity Theft Resource Center estimates that the U.S. government and military experienced 83 data breaches in 2019, which accounted for 5.6 percent of the year’s total breaches and resulted in the exposure of 3.6 million sensitive records.

--- 

©2020 Government Technology - Distributed by Tribune Content Agency, LLC.