The U.S. Navy has launched an investigation into a data breach involving the personal information of more than 130,000 current and former sailors.
The organization was informed by Hewlett Packard Enterprise Services on October 27 that the laptop of an employee supporting a Navy contract had been “compromised.” An investigation revealed that the device contained the personal details, including names and social security numbers (SSNs), of 134,386 current and former sailors.
Affected individuals will be notified in the upcoming weeks via phone, email and letters. While there is no evidence that the compromised information has been misused, the Navy says it’s looking into credit monitoring service options for impacted sailors.
“The Navy takes this incident extremely seriously- this is a matter of trust for our Sailors,” stated Chief of Naval Personnel Vice Admiral Robert Burke. “We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.”
While the Navy has not shared any details about the breach and what “compromised” means, Reuters reported that the laptop in question was hacked. The Navy Times learned from an unnamed official familiar with the investigation that the exposed data came from the Career Navigator (C-NAV) database.
HPE has declined to comment, citing an ongoing investigation. The company and its Next Generation Enterprise Network (NGEN) partners secured a 5-year contract with the Navy in 2013. When announced, the contract was valued at roughly $3.45 billion and it covered IT services and support for 800,000 sailors, marines and civilians in the U.S., Hawaii and Japan.
Several data breaches affecting the Navy were disclosed in the past decade, including cyberattacks and incidents involving stolen laptops. In 2012, Iran-linked hackers gained access to the Navy’s unclassified Navy Marine Corps Intranet and it took the organization nearly four months to clean up the compromised machines.
Related Reading: Sofacy Threat Group Targets US Government
Related Reading: U.S. Government Targeted With GovRAT 2.0 Malware
Related Reading: Iran-Linked Attackers Target Government Organizations
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
