KEY POINTS

  • The data breach took place between May-July 2019
  • It may have exposed the personal information of 200,000 personnel
  • The Department of Defense has sent out letters to affected personnel

The U.S. Department of Defense has confirmed that a 2019 breach on one of the computer systems of the Defense Information Systems Agency (DISA) may have exposed the personal information, including social security numbers of around 200,000 service personnel.

DISA is responsible for overseeing communication for the military and the White House. According to a letter from the Department of Defense dated Feb. 11, 2020, personally identifiable information of service personnel may have been compromised between May-July 2019.

The letter was first shared in a tweet and was confirmed to be authentic after DISA spoke to TechCrunch Thursday.

“The Defense Information Systems Agency has begun issuing letters to people whose personally identifiable information may have been compromised in a data breach on a system hosted by the agency.  While there is no evidence to suggest that any of the potentially compromised PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised,” DISA spokesman Charles Prichard told the publication.

He further stated that DISA had taken adequate measures to investigate the breach and secure the network. The source behind the attack on the server has not been revealed.

Since DISA is also responsible for cybersecurity and setting up communication networks in combat zones, it is constantly under threat of a cyber attack. According to U.S. Army veteran and cyber threat analyst Andy Piazza, the information exposed in the attack may not be a big issue but the susceptibility of military servers against such cyber attacks remains a looming concern.

While the Department of Defense claims that there has been no indication of misuse of the information, it is yet to reveal whether the information can be used to endanger the safety and security of U.S. army personnel.

Standard policies require DISA to notify anyone whose data has been compromised. The agency will work on mitigating any damage and anyone affected by the breach will be offered free credit monitoring services, according to the letter sent to the personnel, whose data may be at risk.