The Pentagon on Friday said there has been a cyber breach of Defense Department travel records that compromised the personal information and credit card data of U.S. military and civilian personnel.
According to a U.S. official familiar with the matter, the breach could have affected as many as 30,000 workers, but that number may grow as the investigation continues. The breach could have happened some months ago but was only recently discovered.
The official, who spoke on condition of anonymity because the breach is under investigation, said that no classified information was compromised.
According to a Pentagon statement, a department cyber team informed leaders about the breach on Oct. 4.
Lt. Col. Joseph Buccino, a Pentagon spokesman, said the department is still gathering information on the size and scope of the hack and who did it.
“It’s important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population” of Defense Department personnel, said Buccino.
The vendor was not identified and additional details about the breach were not available.
“The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel,” said the statement, adding that affected individuals will be informed in the coming days and fraud protection services will be provided to them.
Buccino said that due to security reasons, the department is not identifying the vendor. He said the vendor is still under contract, but the department “has taken steps to have the vendor cease performance under its contracts.”
Disclosure of the breach comes on the heels of a federal report released Tuesday that concluded that military weapons programs are vulnerable to cyberattacks and the Pentagon has been slow to protect the systems. And it mirrors a number of other breaches that have hit federal government agencies in recent years, exposing health data, personal information, and social security numbers.
The U.S. Government Accountability Office in its Tuesday report said the Pentagon has worked to ensure its networks are secure, but only recently began to focus more on its weapons systems security. The audit, conducted between September 2017 and October 2018, found that there are “mounting challenges in protecting its weapons systems from increasingly sophisticated cyber threats.”
In 2015, a massive hack of the federal Office of Personnel Management, widely blamed on China’s government, compromised personal information of more than 21 million current, former and prospective federal employees, including those in the Pentagon. It also likely occurred months before it was discovered and made public, and it eventually led to the resignation of the OPM director.
Also that year, hackers breached into the email system used by the Joint Chiefs of Staff, affecting several thousand military and civilian workers.
The Defense Department has consistently said that its networks and systems are probed and attacked thousands of times a day.

More from Associated Press
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
- South Dakota’s Noem Says Cell Phone Number Hacked
- Learning to Lie: AI Tools Adept at Creating Disinformation
- Microsoft Invests Billions in ChatGPT-Maker OpenAI
- Mississippi Creates New Cyber Unit, Names 1st Director
- FBI Chief Says He’s ‘Deeply concerned’ by China’s AI Program
- Ransomware Shuts Hundreds of Yum Brands Restaurants in UK
- EU’s Breton Warns TikTok CEO: Comply With New Digital Rules
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
