Data breach in not unusual nowadays. It's one thing to be hacked because a hacker worked his/her way through a weak cybersecurity. It's another thing to have a data breach because of a lapse. The US Navy has announced that more than 130,000 of their sailor's data were breached. Apparently, the Hewlett Packard Enterprise Services (HPES) has already notified the Navy back on Oct. 27.
Prior to this date, HPES discovered that "one of the company's laptops operated by their employee supporting a Navy contract was reported as compromised", according to the press release on the Navy's website. By Nov. 22, it was revealed that "sensitive information including names and Social Security Numbers (SSNs)" were breached. The data of the 134,386 current and former Sailors were apparently accessed by "unknown individuals". This is based on the analysis of the HPES and ongoing investigation of the Naval Criminal Investigative Service (NCIS).
A Navy official told the Navy Times that the data were accessed from the Career Waypoints database called C-WAY. This is where sailors actually submitted their re-enlistment and Navy Occupational Specialty requests.
Chief of Naval Personnel Vice Adm. Robert Burke assured that they are "working quickly to identify and take care of those affected". The Navy will be notifying the affected sailors of the incident in the coming weeks. They will be contacted through phone, letter and email. They will be provided with details on what happened that the Navy itself is still working on. The Navy will also review credit monitoring service options for them.
Apparently, the investigation is still in its early stages. Though they say that there has been no evidence yet of any misuse of the information that was compromised. The Navy Times pointed out that this is at least the second major breach of the Navy that is connected to "its contracting activities with Hewlett Packard".
It should be noted that there was an incident back in 2013 when the Navy and Marine Corp's unclassified Intranet were breached by none other than Iran. The cause was only disclosed the next year by the Wall Street Journal. It was blamed on the Navy's written contract with HP. The loophole in the contract is the fact that HP was not able to provide security for those unclassified databases since they were not required to. Considering how cunning hackers are, it took four months before it was resolved.
Iran is not the only one interested in hacking through the US databases. China and Russia are definitely on the list too. In fact, Chinese hackers were able to hack the computer systems of the Office of Personnel Management. Eventually, the damage showed that 18 million troops and federal workers had their data stolen from them. What's even worse is that the hackers had the access for more than a year. The Navy Times further reports that it was "one of the largest breaches of federal data in history". The NCIS is yet to finish their investigation. Whatever the result will be, another data breach in the future will be unacceptable.
Russia is even a bigger threat to the country's classified information. There were reports that Russia tried to interfere during the US Presidential Election according to intelligence officials. At the time, US was ready to retaliate. Not only the data will be compromised but the safety of the entire US. It's important to build a strong cybersecurity. Any vulnerabilities in the system will give a chance for the wrong people to exploit what they can get out of it.
