Major data breach at Marine Forces Reserve impacts thousands

[Richard Forno <rforno () infowarrior org>]

Major data breach at Marine Forces Reserve impacts thousands

https://www.marinecorpstimes.com/news/your-marine-corps/2018/02/28/major-data-breach-at-marine-forces-reserve-impacts-thousands/

The personal information of thousands of Marines, sailors and civilians, including bank account numbers, was 
compromised in a major data spillage emanating from U.S. Marine Corps Forces Reserve.

Roughly 21,426 people were impacted when an unencrypted email with an attachment containing personal confidential 
information was sent to the wrong email distribution list Monday morning.

The compromised attachment included highly sensitive data such as truncated social security numbers, bank electronic 
funds transfer and bank routing numbers, truncated credit card information, mailing address, residential address and 
emergency contact information, Maj. Andrew Aranda, spokesman for Marine Forces Reserve said in a command release.

That email was a roster sent out by the Defense Travel System, or DTS, Marine Corps Times has learned. DTS is a Defense 
Department system that assists military and civilian defense personnel with travel itineraries and settling expenses 
from official authorized trips.

“It was very quickly noticed and email recall procedures were implemented to reduce the number of accounts that 
received it,” Aranda said.

The email containing the data was sent within the usmc.mil official unclassified Marine domain, but also to some 
civilian accounts.

Personal information can be used by criminals or entities to steal identities, commit bank and credit fraud, or 
phishing schemes.

In 2015, ISIS posted a ‘kill list’ of 41 Marines and sailors based on information it pulled from publicly accessible 
online forums and social media accounts.

The Marines are still analyzing the extent of the spread of the sensitive data and plan to implement future changes to 
better safeguard personally identifiable information. But Aranda said he believed “no malicious intent was involved.”

However analyzing the full impact could prove to be a Sisyphean task. Once the data moves outside of the Marine domain 
there’s no telling how far it could spread.

The Corps plans to notify those affected by the breach and provide guidance on ways to safeguard from identity theft.

“The Marine Corps takes the protection of individual Marines’ private information and personal data very seriously, and 
we have steps in place to prevent the accidental or intentional release of such information,” Aranda said.

Freelance writer James LaPorta contributed to this story.
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange