The agency that secures the U.S. military’s IT infrastructure across the globe says sensitive personal data, including Social Security numbers, hosted on its network may have been compromised in a breach between May and July 2019.
The Defense Information Systems Agency notified potential victims of the breach in a letter this month, saying it had tightened protocols for protecting personally identification information (PII) because of the incident.
“We take this potential data compromise very seriously,” DISA Chief Information Officer Roger Greenwell said in the letter seen by CyberScoop.
There is no evidence that compromised PII has been used maliciously, he said, adding that potential victims will have access to free credit monitoring. Personal data about U.S. government personnel and contractors could be valuable to foreign intelligence agencies and financially-motivated criminals alike.
“DISA has conducted a thorough investigation of this incident and taken appropriate measures to secure the network,” an agency spokesperson said in a statement.
There have been multiple publicly reported breaches of Pentagon contractors in the last year. Miracle Systems, which provides IT services to the U.S. Air Force and Army, had one of its internal servers breached. In a separate incident revealed in October, a travel records system at the Department of Defense was breached in an incident that reportedly affected tens of thousands of department personnel.
Reuters was first to report on the DISA security incident.