It has surfaced that the U.S. Department of Defense (DOD) has reached out to around 20,600 individuals to inform them about a data breach that took place last year. The breach, disclosed in a letter sent on February 1, 2024, brings to light an unintentional exposure of multiple email messages by the Defense Intelligence Agency, the DOD’s military intelligence branch. This incident occurred between February 3 and February 20, 2023, and has raised concerns about the security of personal information.
This breach was traced back to an unsecured U.S. government cloud email server hosted on Microsoft’s cloud service for government clients. The server, due to a misconfiguration, was accessible without a password, potentially putting sensitive information at risk. The compromised server contained around three terabytes of internal military emails, including data related to U.S. Special Operations Command (SOCOM) and personnel information.
The breach was first identified by security researcher Anurag Sen, who discovered the exposed data online. After seeking assistance from TechCrunch, the information was reported to SOCOM on February 19, leading to the server’s securement on February 20. The DOD is now in the process of notifying affected individuals about the incident.
According to DOD spokesperson Cdr. Tim Gorman, the affected server was promptly removed from public access, and the service provider resolved the issues that led to the exposure. The DOD continues to collaborate with the service provider to enhance cyber event prevention and detection. However, it remains un
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.