Personal Data Of Over 130,000 Current And Former U.S. Navy Sailors Hacked Through A Contractor’s Compromised Laptop

The personal data of over 130,000 current and former U.S. sailors, including Social Security numbers, was hacked, confirmed the U.S. Navy on Wednesday.

Hackers gained access to highly sensitive personal information of 134,386 current and former sailors in the U.S. Navy. It isn’t immediately clear when the data breach occurred. However, the Navy was made aware of the hack by one of the contractors that the department employs. Apparently, the sailors’ data was accessed by compromising a laptop being used by one of the employees of the contractor.

U.S. Navy: Personal data for more than 130,000 sailors hacked https://t.co/RyjdRlC4aB pic.twitter.com/jPFna7fgjA

— CitizenSlant (@CitizenSlant) November 24, 2016

It is believed a laptop used by a Hewlett Packard Enterprise Services employee, who was working on a U.S. Navy contract, was hacked, and sensitive data was downloaded. Hewlett Packard informed the Navy about the data breach late last month, the Navy reported. The U.S. Navy has confirmed it will soon begin the process of notifying the affected sailors or their families in the coming weeks. The Navy usually informs sailors either by email, letter or phone.

There is no information on how the data breach occurred, but the Navy takes such matters very seriously, noted Chief of Naval Personnel Vice Admiral Robert Burke,

“The Navy takes this incident extremely seriously – this is a matter of trust for our sailors.”

Loose laptop sink ships… One Laptop Has Leaked Private Data On 130,000 .@USNavy Sailors #cybersecurity https://t.co/UXgQFnYDC6

— Cyber-DB (@CyberD_B) November 24, 2016

Burke added that an investigation of the breach had been launched. However, it is in its early stages, reported Huffington Post. He further noted that so far there’s no concrete information to suggest the ill-gotten information has been used,

“We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach. At this stage of the investigation, there is no evidence to suggest misuse of the information that was compromised.”

While Navy isn’t likely to mention the specific data that the hackers were able to gain access to, citing a Navy official, ABC News claimed the breach was believed to only include social security numbers and names of the sailors.

US Navy sailors' data breached https://t.co/fJjErFKGoD

— BBC News Technology (@BBCTech) November 24, 2016

It is not immediately clear why the laptop had data on sailors who are currently in service as well as those who are retired. However, the official clarified that the laptop was most likely being used for Navy’s Career Waypoints program. The program is a novel approach by the Navy that allows retired sailors to re-enlist or apply for new Navy jobs.

Acknowledging the data breach, Thomas Wat Brandt, a spokesman for Hewlett Packard Enterprise, said, “The security and privacy of our clients is a top priority for Hewlett Packard Enterprise (HPE). This event has been reported to the Navy and because this is an ongoing investigation, HPE will not be commenting further out of respect for the privacy of our Navy personnel.”

At present, the Naval Criminal Investigative Service (NCIS) is conducting the investigation. Officials confirmed they plan to continue the investigation and will provide further details to those affected soon, reported NBC News.

Data #breach at #USNavy: personal and sensitive information of 130,000 current and former sailors exposed https://t.co/jdIfrvZObY #risk

— Microsoft SIEM and XDR (@MSThreatProtect) November 25, 2016

While there has been no suspicious usage of the information yet, it is believed the hackers might use the compromised information for financial gain, and the NCIS teams are reviewing credit monitoring service options for all those involved.

Although the data breach might appear big, it is quite small in comparison to the one that was orchestrated by suspected Chinese hackers last year. The Office of Personnel Management (OPM) acknowledged last year that data of more than 22 million people inside and outside government was stolen. After a thorough investigation, investigators confirmed 19.7 million people who had applied for security clearances had their Social Security numbers and other personal information stolen. Moreover, more than 1.8 million relatives of these applicants and other associates also had their information accessed illegally.

Personal data belonging to 134,386 current and former sailors in the U.S. Navy has been compromised. https://t.co/0zXdWLDt1F pic.twitter.com/PFFOKe2ny2

— Good Morning America (@GMA) November 24, 2016

Undoubtedly one of the largest security breaches ever, the hackers had worked on the attack for about three years. Interestingly, back then, OPM claimed to have started offering “a comprehensive suite of monitoring and protection services” to those impacted.

[Featured Image by Mark Wilson/Getty Images]