Computer hackers leaked personal information about thousands of U.S. troops stationed in South Korea, the Pentagon confirmed Wednesday, adding it is investigating the security breach, which came a day after cyberattacks knocked South Korean government and news websites offline.
“The department is currently investigating reports that the personal information of U.S. forces was compromised in recent cyberattacks against [South] Korea,” said Air Force Lt. Col. Damian Pickart, a Pentagon spokesman.
The attacks “keenly illustrate the continued challenges and threats posed in cyberspace,” he said.
The computer attacks Tuesday came on the anniversary of the outbreak of the Korean War in 1950 and are widely believed to be the work of North Korean state-sponsored hackers.
A South Korean security firm, NSHC, first reported the online posting of personal data about the U.S. troops and of an estimated 2 million members of South Korea’s ruling political party.
Initial accounts failed to specify what information about the troops had been posted. Col. Pickart said the Pentagon’s definition of personal data includes names, birth dates and Social Security numbers of service members.
The databases used to store such information can easily be compromised if the data is stored improperly or left unencrypted.
The online posting of the personal data on U.S. troops in South Korea came on the heels of what appeared to be a large-scale cyberattack on South Korean government and news websites Tuesday that temporarily shut down more than a dozen of the sites.
Park Jae-moon, director of the South Korean Science Ministry’s Information Technology Strategy Bureau, told reporters Tuesday that the websites of 11 media outlets, four government agencies and the conservative New Frontier political party had been shut down by the malware-based attack.
The websites of South Korea’s presidential residence and prime minister’s office were offline for most of the day.
North Korea’s communist government has been linked to earlier computer attacks against the South.
An official South Korean inquiry traced a more widespread attack in March back to North Korea. That attack wiped data from 32,000 computers at three banks and three TV broadcasters.
It also shut down email, websites, ATMs and online banking for a day or more.
North Korea was blamed for cyberattacks in 2009 and 2011 that also targeted South Korean financial institutions and government agencies.
This week’s attacks and the hacking in March exploited flaws in computer software that can allow malicious programs to be downloaded onto affected computers — a relatively complex action suggesting a sophisticated attacker.
“The use of the data dump tactic indicates the attack was likely done by a politically motivated group,” rather than state-sponsored hackers, according to the British technology news website V3.
In testimony last year to the House Armed Services Committee, the commander of U.S. forces in South Korea, Gen. James D. Thurman, said North Korea was employing special “units of sophisticated computer hackers” to carry out cyberattacks.
“Such attacks are ideal for North Korea,” he added, explaining that they are difficult to trace.
North Korean cyberattacks “have been increasingly employed against a variety of targets including military, governmental, educational and commercial institutions” in the South, Gen. Thurman said.