The United States Marine Corps Force Reserve has become a victim of a massive data breach this week due to which sensitive, private data of around 21, 426 Marines, sailors, and civilians got exposed. According to cyber security researchers, the Defense Travel System DTS of the Defense Department sent an unencrypted email to the wrong email distribution list.
This email contained an attachment, which included a large number of valuable sensitive and confidential personal information; including bank account numbers, social security numbers, bank routing numbers, bank electronic funds transfer numbers, credit card information, mailing addresses, emergency contact information and residential address of thousands of Marine Corps personnel and civilians, stated Marine Forces Reserve’s spokesman Maj. Andrew Aranda in the official command release.
The DTS is a travel management system that the Defense Department uses for management of officially authorized trips, travel expenses, and itineraries. The data security professionals said that the unencrypted email was not only unintentionally sent to civilian accounts but also to those accounts that were hosted within the unclassified, official “usmc.mil” Marine domain.
“The Marine Corps takes the protection of individual Marines’ private information and personal data very seriously, and we have steps in place to prevent the accidental or intentional release of such information,” said Maj. Aranda.
According to the report, currently, it is unclear how many people received this email. Maj. Aranda stated that the mistake was “quickly noticed” and the Marine Forces Reserve implemented email recall procedures in order to minimize the number of recipients. Involvement of any malicious threat actor in this misconduct was also ruled out by Maj. Aranda.
Now, the data exposure is under investigation by the Marine Forces Reserves to evaluate the damage of the breach and the cyber security office of the department is also planning to implement favorable, productive changes to improve the security of personal data and prevent similar incidents in the future. The affected personnel and civilians will also be notified about the breach and guidance will be offered by the department to mitigate the risk of identity theft and other frauds.
In addition, data security experts believe that such incident not only brings online threats but also put victims at the risk of being a target by criminals and terrorists.