Marine unit accidentally emails out 39,000 bank accounts, other personal info

The email went to roughly 250 Defense Travel System travel administrators.
Marines
U.S. Marines with I Marine Expeditionary Force Information Group prepare to board an MV-22 Osprey during a medical evacuation drill as a part of a certification exercise at Marine Corps Base Camp Pendleton, California, Feb. 28, 2023. (Lance Cpl. Joseph Helms/U.S. Marine Corps)

Share

A Marine unit accidentally sent an unencrypted email that includes the bank account numbers and other personal identifiable information for roughly 39,000 Marines, sailors, and Defense Department civilians, most of whom are assigned to I Marine Expeditionary Force, a Corps spokesperson confirmed. 

“At this time there is no indication that any PII [personal identifiable information] has reached anywhere other than official government channels,” 2nd Lt. Sean Waterman, a I MEF spokesperson, told Task & Purpose. “To be clear, nothing was hacked.”

The May 9 email from Combat Logistics Regiment 17, 1st Marine Logistics Group, was sent to about 250 to Defense Travel System travel administrators, all of whom were later told to delete the message, Waterman said.

Subscribe to Task & Purpose Today. Get the latest military news, entertainment, and gear in your inbox daily.

Those administrators were only supposed to have access to data for their individual units instead of nearly 40,000 people, Waterman said.

“The email included variations of the following traveler PII: full names, last four digits of Social Security Numbers, Electronic Data Interchange Personal Identifiers (EDIPI), email addresses, residential and mailing addresses, personal phone numbers, last six digits of government travel card numbers and expiration dates, checking account and routing numbers, and savings account and routing numbers,” Waterman said.

The mistake was discovered on May 12 and an investigation has been launched into how the information was sent out via email, Waterman said. Investigators will also determine if new security measures and protocols for handling personal identifiable information need to be implemented.

In the meantime, Col. John McCalmont, the commanding officer for Combat Logistics Regiment 17, has sent a letter to people who may have been affected by this incident, Waterman said.

“While there is no evidence to suggest personal data has been misused, it is the Department of the Navy policy to apprise individuals who may have had personal data compromised,” the May letter from McCalmont reads. “We recommend you visit the Federal Trade Commission’s website at: http://www.ftc.gov/bcp/edu/microsites/idtheft/ for guidance on protective action.”

Corps officials are in the process of confirming that no copies of the email were forwarded outside of the Marine Corps Enterprise Network, McCalmont wrote. He added that new security measures are being implemented to prevent any further unauthorized disclosures of personal information.

Those affected can also reach a 1st Marine Logistics Group helpdesk by email at 1stMLG_Disbursing_Helpline@usmc.mil or calling (760) 725-3688, (760) 725-3565, and (760) 763-1689, Waterman said.

“1st MLG [1st Marine Logistics Group] is proactively reaching out to individuals who may have been affected by this and providing those individuals with relevant information guidance and resources out of an abundance of caution and because we take safeguarding our Marines’ personal information very seriously,” Waterman said.

The latest on Task & Purpose