Mississippi National Guard Admits Accidental Data Breach


For more than month, the most sensitive personal information of nearly 3,000 members of the Mississippi National Guard was accidentally posted to the brigade's Microsoft SharePoint website, exposing their names, Social Security numbers, home and cell phone numbers to anyone with a browser.

A spokesman for the 155th Brigade Combat Team said the administrative records were somehow uploaded to the website on Sept. 10. The data was compiled between 2006 and 2008, including periods during which members of the unit were deployed in Iraq.

"Information management is working feverishly to get to the bottom of it," Col. Tim Powell, the National Guard spokesman, said in a statement. "We take this very seriously and are incorporating numerous layers of Internet security on our website."

This isn't the first time the military had endured an embarrassing data security mishap.

In August, U.S. Deputy Secretary of Defense William Lynn III confirmed that a foreign intelligence agent in 2008 successfully infiltrated U.S. military computers used to monitor combat activities in Iraq and Afghanistan.

The breach, which Lynn described as the "most significant breach in history," was facilitated by a cigarette-lighter-sized portable flash drive that was able to infect the computers with malware that made it possible for outsiders to access and monitor U.S. military intelligence.

In this latest National Guard breach, brigade officials were tipped off to the errant data posting by an executive working for the Liberty Coalition, a Washington-based policy institute that operates the NationalIDWatch.org website that helps consumers protect themselves from identity theft.

The National Guard website was shuttered, but the soldiers' information, including security clearance data and ranks, was readily available online for more than a month.

In a recent security review, identity theft expert Robert Siciliano found that federal government and military organizations were among the Top 10 places most likely to accidentally divulge an individual's Social Security number, ranking sixth on the list just behind state government agencies and just ahead of medical companies.

Powell said all affected individuals have been notified of the breach and the National Guard unit plans to increase data security policies and procedures to prevent another accidental breach.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Follow eSecurityPlanet on Twitter @eSecurityP.