Hackers recently breached Pentagon travel records and nabbed personal information and credit card data, perhaps on as many as 30,000 military and civilian personnel, AP reported.
The breach was only recently discovered but may have happened months ago. Senior Pentagon leaders were told about the breach on Oct. 4.
In a statement to AP, Pentagon spokesman Lt. Col. Joseph Buccino downplayed the scale of the breach and said it was the fault of a single vendor.
“It’s important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population,” he said.
“The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel.”
It wasn’t yet clear whether this breach was of the Defense Travel System or something else. The Pentagon did not immediately respond to a request for comment.
Still, it hasn’t been a good week for inspiring confidence in DoD’s cybersecurity abilities.
Days before this latest breach was discovered, the Government Accountability Office published a new report after extensive investigation that found nearly all weapons systems in the military arsenal were vulnerable to hackers.
Between 2012 and 2017, penetration testers “routinely found mission critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report said. Also noteworthy was the fact that testers weren’t taking nearly as much time or using sophisticated methods as a nation-state adversary would.
Instead, most used “relatively simple tools and techniques” to take control, and largely operated undetected as a result.