Spreadsheets containing the names, birthdates and Social Security numbers of 28,000 U.S. Navy personnel and family members were found on a civilian Web site, the Office of Naval Personnel said Friday.
Are you sensing a pattern yet?
The Joint Task Force Global Network Operations, a component of U.S. Strategic Command, found the files and reported the discovery to the Navy Cyber Defense Operations Command on Thursday. The files have been removed from the Web site, which the office did not identify.
It’s not clear whether anyone downloaded the five spreadsheets from the Web site before they were removed.
The Chief of Naval Personnel is working to identify those affected and notify them individually, according to a statement posted on the command’s Web site. Personnel who believe they may have been affected can contact the Office of Naval Personnel at 1-866-U-ASK-NPC (1-866-827-5672).
Unlike other recent security breaches, affected personnel may not receive free credit-monitoring services unless they were also affected by the Veterans Administration data theft in May.
The Office of Naval Personnel said it would investigate to determine how the files got onto a public Web site and ensure that it doesn’t happen again.
I say tune in tomorrow to see what government agency discloses a data breach next.
Jim
Jun 24, 2006
I have a little write-up on my site that pretty much describes why things like this happen. The DoD outsources so much, it’s inevitable that these things will happen. And unless we start holding them accountable, it will continue.
Michael Hampton
Jun 24, 2006
Jim, I don’t know if it has anything to do with outsourcing. Government computer security has sucked for as long as I’ve been watching closely, and that’s been since December 30, 1996 when I happened to visit the (new at the time) Air Force web site, only to find out it was hacked. (NSFW) Others have watched for much longer. Anyway, at the time, pretty much any civilian government or military computer on the Internet was about as secure as Swiss cheese. I’d say the situation from then to now has only barely improved.
Jim
Jun 24, 2006
I completely agree. I remember in the late 90s, before I ever got involved with the military, seeing dozens of military sites being defaced on a weekly basis. I understand there were problems, but the way the DoD went about trying to correct it is what I have a problem with. The IT jobs in the military are naively designed to be like any other job, one that could be taught to anyone who met the basic academic requirements. Unfortunately, that’s just not the case. So essentially it had a bunch of military folks who had spotty training and just didn’t fully understand IT’s role in the DoD. When the military finally realized this, they decided to contract it out to a civilian company. NMCI is an example in my position. NMCI came in and consolidated everything to just a few servers that would support the entire Navy and Marine Corps “enterprise.” Sure it technically lowered the risks of having so many systems compromised from the outside, but not a day goes by that there isn’t a major outage in one of the operating areas which just causes the help desk to be jammed and productivity to bottom out. That’s just one of many technical and financial issues caused by NMCI. What they should have done was restructure the way they did IT training. Their training has gotten much better, but now it’s too late to be able to apply any of it. They should have also standardized the military IT programs. Before NMCI, most commands were running systems without any real structure. The Navy also eventually started pushing standards and practices for IT systems that would get everyone on the same page, but again it was too late. NMCI had already taken over. Don’t even get me started on how much the Navy pays for each workstation or printer install!
That is just a lengthy example of how the military goes about fixing problems. When they see something isn’t working how they expected, they immediately solicit bids to have some civilian company take it over. Look what happened with the VA data breach! As soon as it came to light, they started bidding on a contract for a civilian company to take care of monitoring credit reports. Why couldn’t the military’s current personnel commands have done this? When you hire so many different contractors it should be expected that something like this would happen.
Michael Hampton
Jun 24, 2006
You get the idea.
But what’s wrong with the VA contracting out credit monitoring service? This is hardly something I would expect the VA to do, as it’s very unlikely to be qualified to do it, to begin with!
Jun 27, 2006
GAO discloses personal data breach - Homeland Stupidity
buff daddy
Jun 27, 2006
I have a question that I’ve yet to see answered in these types of stories… What was the hacked Operating System that was storing this information?
Honestly, though, does anybody know the answer and/or why it’s never mentioned as a matter of fact in any of these types of situations? And without a BIASED opinion to boot?
Right now I’m pressed for time, so I’ll save the long-winded diatribe as the catalyst for asking this question for a later time!
Jul 07, 2006
Navy posts personal data for 100,000 on its Web site - Homeland Stupidity