Us government subcontractor leaks confidential military personnel data _ zdnet

A Pentagon subcontractor has exposed reams of highly sensitive details belonging to active military healthcare professionals online, some of which hold top-secret security clearances.

Potomac Healthcare Solutions, a subcontractor brought on board to supply healthcare professionals to the US government and military organizations through its Washington, DC.-based contractor Booz Allen Hamilton, was the source of the data leak.

Chris Vickery, lead security researcher of the MacKeeper Security Center, who found the data, told ZDNet in an email that Potomac’s own insecure server was the source of the leak.

Samples of the leaked data provided by Vickery and also reviewed by ZDNet revealed that the personal data of US military personnel was open for all eyes to see, with little in the way to prevent it from being abused.

Many of the victims involved in the data leak are part of the US Special Operations Command (SOCOM), which includes those both formerly employed by US military branches, such as the Army, Navy, and Air Force, and those presumably still on active deployment.

Many of those named in the leaked personnel files are linked to SOCOM’s Preservation of the Force and Families (POTFF) program, a scheme that aims to ease the psychological and physical burdens often placed on military personnel and their families through unit-specific teams of healthcare professionals and counsellors.

The files include names of social workers, physical therapists, nurses and assistants, doctors, and psychologists, which alongside detail the states of their residency, pay scales, contract start and term dates, units and work locations.

The documents supplied by Vickery also revealed a “master tracking list” of POTFF personnel personal data and their security clearance levels.

Some of those possess “top secret” clearance, including access to sensitive compartmented information (TS/SCI) — typically only granted to vetted staff who are then hired to work on sensitive special access programs.

The master tracking list also exposed recruitment notes on candidates. Bitcoin s One such note described how a senior US military officer had “doubts” that an applicant would “ever be granted security clearance” in part because the applicant “only has dual citizenship due to being born to US military.”

Access to that level of information would be highly sought-after by a foreign power, which could use the information to target the military member for conducting espionage.

“It’s not hard to imagine a Hollywood plotline in which a situation like this results in someone being kidnapped or blackmailed for information. Bitcoin technology explained Let’s hope that I was the only outsider to come across this gem. Bitcoin chart gbp Let’s really hope that no hostile entities found it,” he said.

Rather, it was the subcontractor’s own insecure server and use of “rsync,” a common protocol used for synchronizing copies of files between two different computers, which weren’t protected with a username or password.

Vickery said he believes the security failure could be down to a backup device of some kind which was misconfigured. Official bitcoin client He said that at least 11 gigabytes of data was exposed by the leaky system, but he added that he was not certain just how much sensitive information in total was available for the taking.

The consequences of the leak could be severe — not just for the healthcare personnel provider but the victims of information disclosure themselves.

This kind of data can be used in all manner of identity theft schemes and added to the release of security clearance levels to public eyes, staffers may have been placed at serious risk.

When reached, Burden said in an email that the company did “acknowledge” Vickery’s email, adding that the company was “addressing” the incident.

Booz Allen, the contractor that brought on Potomac, told ZDNet in an email that it was “looking into” the incident. Bitcoin price over time “We take any allegation of a data breach very seriously, including those from our subcontractors,” said a spokesperson.

(Booz Allen, too, has seen its fair share of leaks in the not-so-distant past. Bitcoin value calculator NSA whistleblower Edward Snowden leaked thousands of classified files to journalists while working for the Pentagon contractor in 2013. Bitcoin graph Recently, a second employee Harold Martin was arrested and charged with espionage for stealing terabytes of data from the NSA during two decades of employment.)

The realization that US military files have been left for all to see could make those in the forces who need help but do not want it to become public knowledge reluctant to seek assistance in the fear that the next military data breach will include their own case details.

As bad, given the job roles of individuals in the leak, it’s hardly difficult to imagine the files being used as an avenue to find, contact, blackmail and coerce military healthcare professionals into giving over insider information on the US military and employees.

Today’s terrorist activities and nation-state adversaries mean it’s trivial for data leaks to be utilized to personally target military personnel and their families.

“As a follow-up to the initial communication on this issue, Potomac Healthcare Solutions, with support from an external forensic IT firm, has completed its investigation of a security incident involving the unauthorized access of one of our internal servers. Bitcoin price volatility Despite earlier media reports, our review, which was immediately initiated after the initial questions were raised, has confirmed that the impacted server did not contain any classified government information or protected medical or personal data related to active duty military personnel or their families.”

It continued: “However, the affected server did contain files with data of a limited number of current and former Potomac employees’ personal information. What is bitcoin and blockchain While we have no evidence to suggest that any employee information has been used inappropriately, Potomac is in the process of proactively reaching out to impacted employees to provide guidance on how they can protect themselves and is offering complimentary credit monitoring and identity theft protection services to affected individuals.”