Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Army Data Breach Exposes 36,000 Individuals

According to an Army spokesperson, 36,000 records maintained by CECOM (Communications-Electronics Command) and Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR), were breached earlier this month by an unknown hacker or group of hackers.

According to an Army spokesperson, 36,000 records maintained by CECOM (Communications-Electronics Command) and Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR), were breached earlier this month by an unknown hacker or group of hackers.

Army LogoThe breach targeted databases used by commands that were formerly based at Fort Monmouth, and according to the Asbury Park Press (APP), they contained information taken from Fort Monmouth visitor logs and personnel files.

Speaking to the APP, CECOM spokeswoman Andricka Thomas said the information compromised included “…a mix of full names, dates and places of birth, Social Security numbers, home addresses and salaries” that were stored in databases maintained by CECOM located at Aberdeen Proving Ground, Md.” 

“In civilian data theft cases, the stolen data is traded through criminal channels and across schemes to commit identity theft and fraud, often at great expense to the data owner, but highly lucrative to the data thieves. Here however we have something potentially more valuable to attackers interested in more aggressive pursuits: specific personal data on people related to US Army defense intelligence and communications infrastructure at CECOM and C4ISR,” Voltage Security’s Mark Bower noted in a blog post.

“To an offshore attacker, this kind of stolen data may streamline identity impersonation for highly targeted spear phishing, for example, to plant malware and trojans deeper into a network to steal secrets,” Bower added. “It may also play a role in even more sinister social engineering and manipulation to obtain new and nefarious ways to gain access to sensitive information and damage systems.”  

The Army’s Cyber Command is investigating the incident. Those affected will be offered credit monitoring for one year.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.