As many as 30,000 personnel files exposed

A mix of both civilian and military personnel have had their personal and financial information exposed. This exposure is what has been reported as a major security breach of the Pentagon. This is proof positive that no organization is safe from watchful hackers scattered all around the world.

The Associated Press report on the incident includes

"The department is continuing to gather additional information about the incident, which involves the potential compromise of Personally Identifiable Information (PII) of DoD personnel maintained by a single commercial vendor that provided travel management services to the department.  This vendor was performing a small percentage of the overall travel management services of the DoD...The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel."

While there's no good time for a data breach like this, it couldn't have come at a worse time. The Government Accountability Office (GAO) had issued a scathing report of critical vulnerabilities in virtually all of the weapons systems programs the agency currently runs.

A small excerpt of the report reads as follows

"One test report indicated that the test team was able to guess an administrator password in nine seconds...Multiple weapon systems used commercial or open source software, but did not change the default password when the software was installed, which allowed test teams to look up the password on the internet and gain administrator privileges for that software."

It gets worse.  When confronted with the findings of the report, Pentagon officials dismissed the report as being unrealistic.

Our perspective

Clearly, there was something to the report, or this breach would not have happened.  The hope is that it will be sufficient to cause Pentagon officials to do some soul searching and reevaluate their positions.  If not, you can bet that something like this will happen again.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business