Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

U.S. Navy Warns 130,000 Sailors of Data Breach

The U.S. Navy has launched an investigation into a data breach involving the personal information of more than 130,000 current and former sailors.

The U.S. Navy has launched an investigation into a data breach involving the personal information of more than 130,000 current and former sailors.

The organization was informed by Hewlett Packard Enterprise Services on October 27 that the laptop of an employee supporting a Navy contract had been “compromised.” An investigation revealed that the device contained the personal details, including names and social security numbers (SSNs), of 134,386 current and former sailors.

Affected individuals will be notified in the upcoming weeks via phone, email and letters. While there is no evidence that the compromised information has been misused, the Navy says it’s looking into credit monitoring service options for impacted sailors.

“The Navy takes this incident extremely seriously- this is a matter of trust for our Sailors,” stated Chief of Naval Personnel Vice Admiral Robert Burke. “We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.”

While the Navy has not shared any details about the breach and what “compromised” means, Reuters reported that the laptop in question was hacked. The Navy Times learned from an unnamed official familiar with the investigation that the exposed data came from the Career Navigator (C-NAV) database.

HPE has declined to comment, citing an ongoing investigation. The company and its Next Generation Enterprise Network (NGEN) partners secured a 5-year contract with the Navy in 2013. When announced, the contract was valued at roughly $3.45 billion and it covered IT services and support for 800,000 sailors, marines and civilians in the U.S., Hawaii and Japan.

Several data breaches affecting the Navy were disclosed in the past decade, including cyberattacks and incidents involving stolen laptops. In 2012, Iran-linked hackers gained access to the Navy’s unclassified Navy Marine Corps Intranet and it took the organization nearly four months to clean up the compromised machines.

Related Reading: Sofacy Threat Group Targets US Government

Advertisement. Scroll to continue reading.

Related Reading: U.S. Government Targeted With GovRAT 2.0 Malware

Related Reading: Iran-Linked Attackers Target Government Organizations

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...