Security Experts:

Connect with us

Hi, what are you looking for?



U.S. Combat Support Agency Discloses 2019 Data Breach

The United States’ Defence Information Systems Agency (DISA) has started notifying people that their personal information may have been compromised as a result of a data breach that occured in 2019.

The United States’ Defence Information Systems Agency (DISA) has started notifying people that their personal information may have been compromised as a result of a data breach that occured in 2019.

DISA is a Department of Defense combat support agency that employs over 8,000 military and civilian personnel. According to its website, it “provides, operates, and assures command and control and information-sharing capabilities and a globally accessible enterprise information infrastructure in direct support to joint warfighters, national level leaders, and other mission and coalition partners across the full spectrum of military operations.”

Reuters, which first reported the news, said the agency is responsible for secure communications for President Donald Trump.

In letters sent out recently to affected individuals, DISA informed them that their personal information, including social security numbers, may have been compromised as a result of a data breach impacting a system hosted by the agency. The timeframe of the incident was May to July, 2019.

No information has been provided on the type of data breach — it’s unclear if it was a malicious hacker attack or a case of information exposure resulting from an unprotected server — or the number of affected individuals.

“The information compromised seems to be non-critical to the function of the DoD (although very personal and private to the people compromised) so it may have been an external database without the same level of controls as internal secret information,” Chris Morales, head of security analytics at Vectra, told SecurityWeek.

DISA says it has found no evidence to suggest that the potentially stolen information has been misused, but its policy requires it to notify individuals whose personal data may have been compromised.

The organization says it has implemented additional security measures to prevent such incidents in the future, and is offering free credit monitoring services to affected individuals.

The Pentagon has been running bug bounty programs for several of its branches in an effort to identify vulnerabilities before they can be exploited by malicious actors. The programs covered assets of the Air Force, the Army, and the Marine Corps. Over the past few years, participants reported thousands of vulnerabilities and earned hundreds of thousands of dollars for their findings.

UPDATE. Fifth Domain has learned from the Pentagon that the incident impacted roughly 200,000 users. In addition, the breach appears to have involved an attack launched by a malicious actor. 

Related: Pentagon Reveals Cyber Breach of Travel Records

Related: US Toughens Background Check Process After Major Hack

Related: Outdated DoD IT Jeopardizes National Security: Report

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.