US Navy Confirms Sailor Data Leak From Compromised Laptop

American cloud flag tattered © CURAphotography Shutterstock

Call Agent Gibbs. Personal information on more than 130,000 US sailors compromised after HPE laptop breach

The US Navy has confirmed that sensitive personal information belonging to 134,386 current and former sailors has been stolen.

The data breach came after HP Enterprise Services (HPES) notified the US navy on 27 October that one of its staffer’s laptops who has been supporting a navy contract, was ‘compromised’.

NCIS Investigating

“After analysis by HPES and a continuing Naval Criminal Investigative Service (NCIS) investigation, it was determined Nov. 22, 2016, that sensitive information, including the names and Social Security Numbers (SSNs) of 134,386 current and former Sailors were accessed by unknown individuals,” said the US Navy in a statement.

The US Navy has approximately 430,000 sailors on active service or in reserve.

“The Navy takes this incident extremely seriously- this is a matter of trust for our Sailors,” said Chief of Naval Personnel Vice Adm, Robert Burke. “We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.”

data security breachThe American Navy said it will notify affected sailors in the coming weeks, and is reviewing credit monitoring service options for affected sailors.

Meanwhile it is investigating how the HPES laptop came to be compromised. There is no word on whether the laptop went missing, or whether it was intentionally hacked by external attackers.

“At this stage of the investigation, there is no evidence to suggest misuse of the information that was compromised,” said the US Navy.

Data Breaches

It should be remembered that this is not the first time that external attackers have compromised US military and government systems.

In 2014 a contractor for the US Department of Homeland Security (DHS) was hit by a serious cyberattack, and it said the breach “had all the markings of a state-sponsored attack.”

Earlier that same year, the US government’s Department of Labor website was compromised, and the US Office of Personnel Management (OPM), the government agency that keeps the personal information of all federal employees, also suffered a similar incident.

Matters are not helped by the fact that some US military and government systems are fairly ancient.

For example in 2015 the US Navy signed a deal with Microsoft to keep the Windows XP operating system supported on its 100,000 computers, despite the fact that it was first launched fourteen years ago in late 2001.

Earlier this year it was revealed that the US Department of Defence systems, which co-ordinates intercontinental ballistic missiles and nuclear bombers is run using a computer system from the 1970s, that uses eight inch floppy discs.

Are you a security pro? Try our quiz!