Names, addresses and other sensitive information pertaining to hundreds of members of the U.S. military, as well as log-in credentials and completed security clearance applications, were recently discovered on a publicly exposed computer drive, researchers said Sunday.
Gigabytes worth of sensitive data related to the U.S. Air Force were recently leaked online after a misconfigured backup drive was connected to the internet without being properly secured, according to researchers at MacKeeper, a German-headquartered IT investment and development company.
MacKeeper’s researchers spotted the unsecured drive last week and successfully worked to take it offline after determining that it contained data apparently belonging to a lieutenant in the U.S. Air Force, the company said in a blog post.
The exposed drive was not password-protected, ZDnet reported Monday, and could have been accessed by chance or by anyone who knew where to find it.
Given the sensitive nature of the documents exposed, national security experts said any foreign spies who found the files would have stumbled upon a “holy grail” of information, ZDnet reported.
Among the documents exposed were files containing the the names, addresses and Social Security numbers of 4,000 service members, in addition to the personally identifiable information of their spouses as well as celebrities who visited military installations, the website reported. Other documents include national security clearance applications completed by two retired four-star generals, each containing sensitive questions about their financial and medical history, relatives and other items potentially invaluable to adversaries.
“Foreign powers might use that information to target those individuals for espionage or to otherwise monitor their activity in the hopes of gaining insight into U.S. national security posture,” Susan Hennessey, a Brookings Institute fellow and a former NSA attorney, told ZDnet.
Another leaked document was described by MacKeeper as a spreadsheet containing a list of open investigations concerning members of the military, including accusations against servicemembers accused of discrimination, sexual harassment and bribery.
Also found on the drive were a passport application completed by an unnamed general, as well as bank information and several years worth of emails in addition to the username and password apparently used by a lieutenant colonel to access a Pentagon computer system, ZDnet reported.
Neither the Pentagon nor the generals compromised in the leak answered requests for comment Monday, according to the website.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.