Sensitive information concerning thousands of U.S. service members and civilians was compromised when a spreadsheet containing their personal data was sent to the wrong email distribution list this week.
About 21,426 people, including Marines, sailors and civilians, had their personally identifiable and banking information exposed as a result of their information being shared in an unencrypted email that was erroneously sent to the wrong recipients Monday morning, the Marine Corps Times reported Wednesday.
The breach originated at the Marine Corps Forces Reserve and revolved around a roster sent out by the Defense Travel System, or DTS, a travel management system used within the Pentagon for managing military-authorized trips and travel expenses, the report said.
The roster included truncated Social Security numbers; bank electronic funds transfer and bank routing numbers; truncated credit card information; mailing address; residential address and emergency contact information, Maj. Andrew Aranda, spokesman for Marine Forces Reserve, confirmed to The Washington Times.
The undisclosed number of recipients who mistakenly were sent the email included military and civilian accounts hosted within the official, unclassified usmc.mil domain, he said in a statement.
“It was very quickly noticed and email recall procedures were implemented to reduce the number of accounts that received it,” he said, adding that he believed “no malicious intent was involved” in the breach.
“We have already begun investigating the processes that led to this spillage and will make any required changes to better safeguard how we collect and store data to prevent this incident from happening again,” he said.
The Marine Corps plans to notify the individuals affected by the breach, the spokesman said.
While data compromises are increasingly commonplace, previous incidents have proven that the personal information of U.S. service members may be exploited by not just identity thefts, but terrorists as well.
Ardit Ferizi, a Kosovo man described by the Obama administration as “the first terrorist hacker convicted in the United States,” was sentenced in 2016 to 20 years in prison in connection with providing the Islamic State with a “kill list” containing the information of approximately 1,300 U.S. government and military targets. More recently, Terrence McNeil of Ohio was sentenced in August to 20 years for having circulated a similar roster on social media.
