The United States Navy has confirmed that the personal data of 134,386 current and former employees were leaked.
Names and social security numbers of the internal staff were stored in a laptop used by a Hewlett Packard Enterprise Services staffer that was compromised.
The Naval Criminal Investigative Service (NCIS) and HPE who are investigating the incident discovered that “unknown individuals” accessed the personal data of the United States Navy employees.
“Oct. 27, 2016, the Navy was notified by Hewlett Packard Enterprise Services (HPES) that one of the company’s laptops operated by their employee supporting a Navy contract was reported as compromised.” reads the Security Breach Notification of Sailors’ PII.
“After analysis by HPES and a continuing Naval Criminal Investigative Service (NCIS) investigation, it was determined Nov. 22, 2016, that sensitive information, including the names and Social Security Numbers (SSNs) of 134,386 current and former Sailors were accessed by unknown individuals.”
The US Navy did not disclose details of the incident and there is no evidence that exposed data were abused by the unknown attackers.
It is still unclear if the laptop was lost, stolen or if a malware exfiltrated data on its hard disk.
“We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach,” naval personnel chief Vice Admiral Robert Burke says.
“The Navy takes this incident extremely seriously – this is a matter of trust for our sailors.”
The United States Navy will notify employees affected by the security breach in “coming weeks.”
The Navy is reviewing credit monitoring service options for affected people.
(Security Affairs – United States Navy, data leak)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.