An agency of the U.S. Department of Defense (DoD) was hit by a data breach seven months ago that may have compromised the personally identifiable information (PII) of thousands of military staff and civilian personnel.
The Defense Information Systems Agency (DISA), which has about 9,000 employees and handles secure communications for government top brass and military officials, sent letters to possible victims earlier this month to warn that its network may have been compromised. A DISA spokesperson confirmed the breach in an email to TechCrunch. “DISA has conducted a thorough investigation of this incident and taken appropriate measures to secure the network,” the spokesperson said.
One of the victims of the breach posted the letter’s contents on Twitter. “During the May to July 2019 timeframe, some of your personal information, including your social security number, may have been compromised in a data breach on a system hosted by the Defense Information Systems Agency,” the letter reads. “While there is no evidence to suggest that your PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised.”
In the cyber burglary's wake, DISA said it was adopting new protocols to increase PII protection and will provide free credit monitoring services to potential victims. “We deeply regret any inconvenience the potential data breach may cause you,” the letter said.
The DISA network hack, while noteworthy, does not approach the magnitude of a 2015 heist at the Office of Personnel Management, in which the PII of some 21 million people, including social security numbers, usernames and passwords, was lifted.
Reuters first reported word of the DISA breach.