A security researcher at the MacKeeper Security Research Center has revealed that a Pentagon subcontractor exposed sensitive U.S. military health care personnel data because of an insecure server backup protocol.
MacKeeper's Chris Vickery determined that at least 11 gigabytes of confidential data — including that of active top-secret security clearance holders — became accessible because of a server misconfiguration by Booz Allen Hamilton subcontractor Potomac Healthcare Solutions, according to a Dec. 31 post by Charlie Osborne on ZDNet's Zero Day blog.
The leak — primarily of physical and mental health support staff — included names, contract types, Social Security numbers, duty start dates, billet numbers, unit assignments, places of work, pay scales, clearance levels and recruitment notes, among other items. Many of those whose data was leaked are part of the U.S. Special Operations Command's Preservation of the Force and Families program.
The leaked data could be used for identity theft, as well as for targeting individuals to be blackmailed and coerced into espionage.
Potomac says it has addressed the leak after being alerted by Vickery, and Booz Allen Hamilton has told ZDNet it is researching the incident.
Potomac Healthcare acknowledged the report and said in a statement: "While our investigation remains ongoing, based on our initial examination, despite these earlier reports, we have no indication that any sensitive government information was compromised. The privacy and security of information remains a top priority, and we will continue to work diligently to address any issues or concerns."