The United States Navy has confirmed that the personal data of 134,386 current and former employees were leaked.
Names and social security numbers of the internal staff were stored in a laptop used by a Hewlett Packard Enterprise Services staffer that was compromised.
The Naval Criminal Investigative Service (NCIS) and HPE who are investigating the incident discovered that “unknown individuals” accessed the personal data of the United States Navy employees.
“Oct. 27, 2016, the Navy was notified by Hewlett Packard Enterprise Services (HPES) that one of the company’s laptops operated by their employee supporting a Navy contract was reported as compromised.” reads the Security Breach Notification of Sailors’ PII.
“After analysis by HPES and a continuing Naval Criminal Investigative Service (NCIS) investigation, it was determined Nov. 22, 2016, that sensitive information, including the names and Social Security Numbers (SSNs) of 134,386 current and former Sailors were accessed by unknown individuals.”
The US Navy did not disclose details of the incident and there is no evidence that exposed data were abused by the unknown attackers.
It is still unclear if the laptop was lost, stolen or if a malware exfiltrated data on its hard disk.
“We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach,” naval personnel chief Vice Admiral Robert Burke says.
“The Navy takes this incident extremely seriously – this is a matter of trust for our sailors.”
The United States Navy will notify employees affected by the security breach in “coming weeks.”
The Navy is reviewing credit monitoring service options for affected people.
(Security Affairs – United States Navy, data leak)