The personal information of more than 30,000 Pentagon workers has been compromised as a result of a data breach at a contractor, revealing information as sensitive as credit card data. Although no classified material was said to be compromised in the hack, the actual date of the attack remains unknown. It was initially revealed on October 4, but security staff warned that it may have taken place earlier and merely gone unnoticed.
Despite the Pentagon running a number of schemes like “Hack the Pentagon,” to help harden its digital infrastructure against weaknesses, hacks and breaches have taken place multiple times in recent years. This latest one appears to be the fault of a contractor, who at this time remains unnamed. The results could be wide-reaching though, as both military and civilian workers were affected.
The Pentagon did confirm the breach in a statement but has attempted to downplay its impact. Pentagon spokesperson, Lieutenant Colonel Joseph Buccino said in a statement via APNews, “It’s important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population.”
He went on to say that the Pentagon was continuing to look into the breach and that it would notify all of those potentially affected by it. The Department of Defense has since severed ties with the contractor reportedly responsible for the breach, although the unnamed vendor does still remain under contract.
This breach comes at a poor time for the U.S. government, which was only recently criticized by the Government Accountability Office, which suggested that although improvements had been made to the Pentagon’s security, it still did not have adequate protections in place for its weapons systems. As new and more sophisticated cyber attacks become commonplace in peacetime and war, the GAO suggested that the Pentagon needs to improve its provisions against such tactics.
The security of government-sanctioned voting machines has also been brought into question in the lead-up to the 2018 mid-term elections in November. A recent Def Con event highlighted that even children were capable of breaching the machines’ security, potentially bringing into question any vote counting results achieved on such hardware in a few weeks’ time.
