The personal details of more than 130,000 former and currently serving sailors in the US Navy have been “accessed by unknown individuals”, the Department of the Navy said on Thursday.
Details including names and social security numbers have been compromised, the department added.
The leak happened after the laptop of a contractor working for Hewlett Packard Enterprise was “compromised”, said the department.
Little more is known about the breach, and the Navy reassured sailors that it is “in the early stages of investigating” the breach and is “working quickly to identify and take care of those affected by this breach”.
The department also said it was taking the sensible step of “reviewing credit monitoring service options for affected sailors”.
In the meantime, we’d add some further advice if you think you’re one of the sailors whose details might have been compromised:
- Keep an eye on your bank and credit card statements for dodgy transactions.
- Be particularly wary of emails, texts or messages on other platforms asking you to click a link and log in to “confirm your account details” or hand over other personal information.
- Do take up the Navy Department’s offer of credit monitoring services, which will keep an eye on anyone trying to open accounts using your name or social security number.
It seems at the moment that “there is no evidence to suggest misuse of the information that was compromised”, but there’s no harm in following our advice.
Vice-admiral Robert Burke, chief of naval personnel, moved to reassure sailors, saying: “The Navy takes this incident extremely seriously – this is a matter of trust for our sailors.”
Tom
How many stories about laptops, contractors and the US government will it takes for the US gov to figure out that there’s a problem? Stop letting people take data out of the building, no laptops, no USB drives, no DVD’s and no attachements. If you want the data to be compromised, let it be the old fashioned way via the internet.
Kyle Saia
You clearly don’t understand how any of this works. All data is required to be encrypted by contractors, and this kind of an announcement is to say that this encrypted data has been leaked.
They have to give this kind of warning because tomorrow there could be a flaw in the encryption type they used and then it would be a problem.
This is all par for the course in 2016. people loose laptops, thumb drives get washed and thrown out without being reported, and malware can get on your computer by visiting ANY website. To think that our data was safer before is misleading, our nations private information (like this article is about) is safer now than in any other point in our history.
Paul Ducklin
Is that true in the USA?
As far as I know in some/many/all EU countries you are effectively exempted from going public about a data breach if you can show that encryption was used in such a way as to make the stolen data as good as useless.
In other words, if all the crooks got was so much shredded cabbage, the “breach” isn’t considered a breach.
(Have I understood correctly here?)
ejhonda
Tom is right – there is a way. At the local US govt nuke facility, they simply do not allow computing devices – USB drives, laptops, cellphones, etc. – from entering the facility. Certainly cuts down on dumb moves like this one.
KB
Social security numbers should not be posted within programs within a computer, period, unless someone has a top security clearance to do so. In this case, the SSN should have stars, like ********** to block out all of the numbers but the last four, so that in the case the laptop or the program is breached, nobody can obtain the numbers. Type in the numbers twice can ensure the the number was correct in the case someone got it wrong the first time around. After that, nobody has access to it but those who need the information, and a special application can help with that which only security clearance folks can obtain, or a special code.