Security Experts:

U.S. Navy Warns 130,000 Sailors of Data Breach

The U.S. Navy has launched an investigation into a data breach involving the personal information of more than 130,000 current and former sailors.

The organization was informed by Hewlett Packard Enterprise Services on October 27 that the laptop of an employee supporting a Navy contract had been “compromised.” An investigation revealed that the device contained the personal details, including names and social security numbers (SSNs), of 134,386 current and former sailors.

Affected individuals will be notified in the upcoming weeks via phone, email and letters. While there is no evidence that the compromised information has been misused, the Navy says it’s looking into credit monitoring service options for impacted sailors.

“The Navy takes this incident extremely seriously- this is a matter of trust for our Sailors,” stated Chief of Naval Personnel Vice Admiral Robert Burke. “We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.”

While the Navy has not shared any details about the breach and what “compromised” means, Reuters reported that the laptop in question was hacked. The Navy Times learned from an unnamed official familiar with the investigation that the exposed data came from the Career Navigator (C-NAV) database.

HPE has declined to comment, citing an ongoing investigation. The company and its Next Generation Enterprise Network (NGEN) partners secured a 5-year contract with the Navy in 2013. When announced, the contract was valued at roughly $3.45 billion and it covered IT services and support for 800,000 sailors, marines and civilians in the U.S., Hawaii and Japan.

Several data breaches affecting the Navy were disclosed in the past decade, including cyberattacks and incidents involving stolen laptops. In 2012, Iran-linked hackers gained access to the Navy’s unclassified Navy Marine Corps Intranet and it took the organization nearly four months to clean up the compromised machines.

Related Reading: Sofacy Threat Group Targets US Government

Related Reading: U.S. Government Targeted With GovRAT 2.0 Malware

Related Reading: Iran-Linked Attackers Target Government Organizations

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.