The U.S. Army National Guard recently announced that all current and former National Guard members since 2004 could be affected by an accidental disclosure of personal data.
The breach occurred when files containing personal information were inadvertently transferred to a non-DoD-accredited data center by a contract employee, according to National Guard spokesman Maj. Earl Brown.
The data potentially exposed includes names, Social Security numbers, birthdates and home addresses.
“The National Guard Bureau takes the control of personal information very seriously,” Brown said in a statement. “After investigating the circumstances of these actions, and the information that was transferred, the Guard has determined, out of an abundance of caution, to inform current and past Guard personnel that their Personally Identifiable Information (PII) was among the files that were transferred.”
However, Brown said the Guard doesn’t expect the data to be used unlawfully.
“This was not a hacking incident, in which the intent was to use data for financial gain,” Brown said. “Nonetheless, the Guard believes that individuals potentially affected need to know about the breach and what actions they can take to protect themselves from potential identity theft.”
The National Guard breach is unrelated to the recent data breaches at the Office of Personnel Management.
National Guard members with questions are advised to contact (877) 276-4729 or visit http://www.nationalguard.mil/Features/IdentityTheft.aspx.
Fortscale CEO Idan Tendler told eSecurity Planet by email that even though the breach wasn’t malicious, there is a key lesson to be learned from it.
“The fact of the matter is that many employees and contractors have access to sensitive data, and whether it’s deliberate or not, exposing that data and potentially putting that information in the hands of criminals can have far-reaching effects and potentially damaging consequences,” Tendler said. “As a result, organizations must remain vigilant, monitoring their networks for abnormal or suspicious user behavior to prevent these types of breaches from occurring and ensuring their crown jewels are kept safe.”