On February 26, a yet-unidentified individual from the U.S. Marine Forces sent out an unencrypted email containing an attachment with the personal identity information of 21,426 military servicemen and civilians.
The leak included social security numbers, bank account numbers, bank routing numbers, credit card information, emergency contact information, and mailing addresses, according to an official command release from the Marine Forces. According to their report, the leak does not appear to be the result of a rogue insider but more likely a simple clerical mistake. The email, specifically from the Defense Travel System of the Department of Defense, was sent to the wrong email distribution list. That distribution list included civilians. The Defense Travel System deals with itineraries and expense reports for official trips.
In his command release, Marine Forces Reserves spokesman Maj. Andrew Aranda said that it is not clear how widespread the leak had become before it was discovered, but that it was discovered quickly. Steps were immediately taken to minimize the damage, including recalling as many emails as possible.
The data leak is currently being internally investigated. Affected parties will be notified of their identity exposure and assisted in preventing identity theft. The Marine Forces are currently planning to implement changes to their security policies around their stored identity information.
“The Marine Corps takes the protection of individual Marines’ private information and personal data very seriously, and we have steps in place to prevent the accidental or intentional release of such information,” Maj. Aranda said.
Latest posts by Ben Canner (see all)
- 2020 Vendors to Know: Identity Management - July 13, 2020
- 2020 Vendors to Know: Identity Governance - July 9, 2020
- 2020 Vendors to Know: Privileged Access Management - July 7, 2020