A breach of Defense Department travel records has compromised personal information and credit card data of US military and civilian personnel. Up to 30,000 military and civilian workers are expected to be affected by this breach that reportedly happened through a commercial vendor used by the agency. The number could grow as the investigation is still in process.
"It's important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population,” Joseph Buccino, a Pentagon spokesperson, said in a statement. The responsible vendor hasn't been identified due to security concerns.
Pentagon breach could have happened months ago
Citing a US official familiar with the matter, the Associated Press reported that the breach could have happened months ago but was only recently discovered on October 4th. The official added, on the condition of anonymity, that no classified information was compromised. However, considering that the investigation has only just begun, it might be a little too early to make such a claim.
The US government and several of its agencies have started various initiatives to better secure their networks and data. However, even after including white hat hackers through programs like "Hack the Pentagon," it appears the government is struggling to avoid massive hacks and breaches. These breaches usually are blamed on third party contractors, raising questions on the government agencies' inability to properly conduct scans and background checks on the companies that are hired. Buccino said that the vendor is still under contract, however, the department "has taken steps to have the vendor cease performance under its contracts."
"The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel," the statement added. Affected people will be offered fraud protection services. However, it might take the department a little more to convince everyone since only last week a federal report concluded that the Pentagon has been slow to protect the systems, making military weapons programs vulnerable to cyberattacks.