Thousands of DoD personnel may have had their private data leaked — US government admits 20,000 could be affected

An abstract image of a cloud raining data.
(Image credit: Pixabay)

A year after a cybersecurity incident, the US Department of Defense (DOD) has begun notifying affected individuals about exactly what happened.

In February 2023, cybersecurity researcher Anurag Sen discovered a US government email server that sat without a proper password to protect its content - essentially, leaking sensitive information to anyone who knew where to look. 

The exposed email server was hosted on Microsoft’s Azure government cloud for the Department of Defense, allowing it to share sensitive, but still unclassified data. This service offers servers that are physically disconnected from commercial customers, and was part of an internal mailbox system that held some 3TB of internal military emails, some of which referred to U.S. Special Operations Command (USSOCOM), a military unit running special operations.

Consequences yet to be determined

The database was secured a day after the news broke, but now, almost exactly a year later, the DOD started mailing affected individuals, notifying them of the incident. 

As per TechCrunch, the breach notification letter was sent out on February 1 to roughly 20,600 individuals. It said that “numerous email messages were inadvertently exposed to the Internet by a service provider,” between February 3 and February 20, 2023.

“As a matter of practice and operations security, we do not comment on the status of our networks and systems. The affected server was identified and removed from public access on February 20, 2023, and the vendor has resolved the issues that resulted in the exposure. DOD continues to engage with the service provider on improving cyber event prevention and detection. Notification to affected individuals is ongoing,” said DOD spokesperson Cdr. Tim Gorman in an email to TechCrunch.

While we now know how many people were affected by the breach, we still don’t know if any threat actors found the database before Sen did.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Closing the cybersecurity skills gap
HPE starts contacting victims of 2023 Russian cyberattack
US coast guard boat
US Coast Guard paychecks delayed by cyberattack
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Data leak
Details of over 15,000 FortiGate devices leaked online, so be on your guard
An American flag flying outside the US Capitol building against a blue sky
US military and defense contractors hit with Infostealer malware
Latest in Security
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
Latest in News
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'