The Ministry of Defense has sent a warning letter to thousands of current and former employees about the leak of their personal information. DefenseScoop reported on Tuesday. Although the department first discovered the incident in early 2023, the notices didn’t start going out until earlier this month. More than 20,000 people appear to have been affected by the breach.
The email messages were “inadvertently exposed to the Internet” by a Defense Department “service provider,” the letter explained. The emails contained personally identifiable information. Although the agency does not specify what type of information, PII generally includes information such as social security numbers, home addresses or other sensitive details. “While there is no evidence that PII has been misused, the department is notifying individuals whose PII has been compromised as a result of this unfortunate situation,” the letter states. It urges affected parties to register to protect against identity theft.
according to TechCrunch, the breach was caused by an unsecured cloud email server that leaked sensitive emails to the internet. microsoft server, it is probably configured incorrectlyIt can be accessed from the internet without much like a password.
“As a matter of practice and operational security, we do not comment on the status of our networks and systems. The affected server was identified on February 20, 2023 and has been removed from public access, and the vendor has resolved the issues that resulted in the problem being exposed,” the Ministry of Defense said in a statement. “DOD continues to engage with service providers to improve cyber incident prevention and detection. Notification to affected individuals is ongoing.”