The United States’ Defence Information Systems Agency (DISA) has started notifying people that their personal information may have been compromised as a result of a data breach that occured in 2019.
DISA is a Department of Defense combat support agency that employs over 8,000 military and civilian personnel. According to its website, it “provides, operates, and assures command and control and information-sharing capabilities and a globally accessible enterprise information infrastructure in direct support to joint warfighters, national level leaders, and other mission and coalition partners across the full spectrum of military operations.”
Reuters, which first reported the news, said the agency is responsible for secure communications for President Donald Trump.
In letters sent out recently to affected individuals, DISA informed them that their personal information, including social security numbers, may have been compromised as a result of a data breach impacting a system hosted by the agency. The timeframe of the incident was May to July, 2019.
No information has been provided on the type of data breach — it’s unclear if it was a malicious hacker attack or a case of information exposure resulting from an unprotected server — or the number of affected individuals.
“The information compromised seems to be non-critical to the function of the DoD (although very personal and private to the people compromised) so it may have been an external database without the same level of controls as internal secret information,” Chris Morales, head of security analytics at Vectra, told SecurityWeek.
DISA says it has found no evidence to suggest that the potentially stolen information has been misused, but its policy requires it to notify individuals whose personal data may have been compromised.
The organization says it has implemented additional security measures to prevent such incidents in the future, and is offering free credit monitoring services to affected individuals.
The Pentagon has been running bug bounty programs for several of its branches in an effort to identify vulnerabilities before they can be exploited by malicious actors. The programs covered assets of the Air Force, the Army, and the Marine Corps. Over the past few years, participants reported thousands of vulnerabilities and earned hundreds of thousands of dollars for their findings.
UPDATE. Fifth Domain has learned from the Pentagon that the incident impacted roughly 200,000 users. In addition, the breach appears to have involved an attack launched by a malicious actor.
Related: Pentagon Reveals Cyber Breach of Travel Records
Related: US Toughens Background Check Process After Major Hack
Related: Outdated DoD IT Jeopardizes National Security: Report

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
- Security Update for Chrome 109 Patches 6 Vulnerabilities
- New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
- Forward Networks Raises $50 Million in Series D Funding
- Apple Patches Exploited iOS Vulnerability in Old iPhones
- FBI Confirms North Korean Hackers Behind $100 Million Horizon Bridge Heist
Latest News
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
- Tenable Launches $25 Million Early-Stage Venture Fund
- 820k Impacted by Data Breach at Zacks Investment Research
- Mapping Threat Intelligence to the NIST Compliance Framework Part 2
- Hive Ransomware Operation Shut Down by Law Enforcement
- US Government Agencies Warn of Malicious Use of Remote Management Software
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
