A security researcher at the MacKeeper Security Center has revealed that a Pentagon subcontractor exposed sensitive U.S. military healthcare personnel data through an insecure server backup protocol.
MacKeeper's Chris Vickery determined that at least 11 gigabytes of confidential data — including that of active top-secret security clearance holders — became accessible because of a server misconfiguration by Booz Allen Hamilton subcontractor Potomac Healthcare Solutions, according to a Dec. 31 post by Charlie Osborne on ZDNet's Zero Day blog.
The leak, primarily of physical and mental health support staff, included names, contract types, Social Security numbers, duty start dates, billet numbers, unit assignments, places of work, pay scales, clearance levels and recruitment notes, among other items. Many of those whose data was leaked are part of the U.S. Special Operations Command's Preservation of the Force and Families program.
The leaked data could be used for identity theft, as well as for targeting individuals to be blackmailed and coerced into espionage.
Potomac says it has addressed the leak after being alerted by Vickery, and Booz Allen Hamilton has told ZDNet it is researching the incident.