Potomac Healthcare Solutions, a Pentagon subcontractor, exposed “reams of highly sensitive details belonging to active military healthcare professionals online, some of which hold top-secret security clearances,” according to this zdnet.com story.
Vickery, the lead security researcher for MacKeeper Security Center, found the data and then alerted ZDNet to it in an email. Potomac’s own insecure server was the source of the leak, according to the story. Vickery provided samples of the data to ZDNet, which reveal personal data of U.S. military personnel.
According to the ZDNet story:
“Many of the victims involved in the data leak are part of the US Special Operations Command (SOCOM), which includes those both formerly employed by US military branches, such as the Army, Navy, and Air Force, and those presumably still on active deployment.”
Most of the data consists of military personnel files and lists of physical and mental health support staff, but names, contract types, Social Security numbers and duty start dates are also included.
Vickery described the incident and its implications in a blog post on mackeeper.com, where he says “not a single username or password was guarding this intel, which weighed in at over 11 gigs.” The data also included “the names and locations of at least two Special Forces data analysts with Top Secret government clearance,” he writes.
When Vickery contacted the company’s CEO to report what he’d found, he wasn’t taken seriously, he writes.
He then sent an email that included their Social Security numbers, home addresses, dates of birth and phone numbers. He waited an hour, and when the information was still available, he contacted those he describes as Potomac’s “bosses.” The files were taken down soon after.
Potomac responded to ZDNet’s request for comment, saying this:
“We are aware of the report from an independent security researcher alleging an unauthorized exposure of sensitive government information. Upon learning of the allegation, we immediately initiated an internal review and brought in an external forensic IT firm for additional support. While our investigation remains ongoing, based on our initial examination, despite these earlier reports, we have no indication that any sensitive government information was compromised. The privacy and security of information remains a top priority, and we will continue to work diligently to address any issues or concerns.”