[US] Email data breach affects 20,000 Department of Defense employees

15 Feb 2024

In the US, the Department of Defense (DOD) has sent thousands of current and former employees a data breach notification letter to alert them of a leak of their personal information, Engadget reports.

On February 13, news of the breach was reported by DefenseScoop. The DOD first detected the incident in early 2023; however, notifications only began to go out earlier this month.

More than 20,000 individuals have reportedly been affected by the breach.

The letter states that emails were "inadvertently exposed to the internet" by a Defense Department "service provider." The emails contained personally identifiable information. 

The agency doesn't clarify the type of information, but PII ordinarily includes information such as Social Security numbers, home addresses or other sensitive details.

"While there is no evidence to suggest that your PII was misused, the department is notifying those individuals whose PII may have been breached as a result of this unfortunate situation," the letter said. It reportedly urges affected parties to sign up for identity theft protection.

The breach stems from an unsecured cloud email server that leaked sensitive emails onto the web, according to TechCrunch. The Microsoft server was likely to have been misconfigured and could be accessed from the internet without the need for a password.

"As a matter of practice and operations security, we do not comment on the status of our networks and systems. The affected server was identified and removed from public access on February 20, 2023, and the vendor has resolved the issues that resulted in the exposure," the Department of Defense said in a statement. "DOD continues to engage with the service provider on improving cyber event prevention and detection. Notification to affected individuals is ongoing."


Source: Engadget

(Links and quotes via original reporting)
