A U.S. Marine assigned to the cyber security technician course, Marine Corps Communications-Electronics School, work on an assignment at Marine Corps Base Twentynine Palms, California, March 15, 2017. (Lance Cpl. Jose Villalobosrocha/Marine Corps) The personal information of thousands of Marines, sailors and civilians, including bank account numbers, was compromised in a major data spillage emanating from U.S. Marine Corps Forces Reserve.
Roughly 21,426 people were impacted when an unencrypted email with an attachment containing personal confidential information was sent to the wrong email distribution list Monday morning.
The compromised attachment included highly sensitive data such as truncated social security numbers, bank electronic funds transfer and bank routing numbers, truncated credit card information, mailing address, residential address and emergency contact information, Maj. Andrew Aranda, spokesman for Marine Forces Reserve said in a command release.
That email was a roster sent out by the Defense Travel System, or DTS, Marine Corps Times has learned. DTS is a Defense Department system that assists military and civilian defense personnel with travel itineraries and settling expenses from official authorized trips.
“It was very quickly noticed and email recall procedures were implemented to reduce the number of accounts that received it,” Aranda said.
The email containing the data was sent within the usmc.mil official unclassified Marine domain, but also to some civilian accounts.
Personal information can be used by criminals or entities to steal identities, commit bank and credit fraud, or phishing schemes.
The Marines are still analyzing the extent of the spread of the sensitive data and plan to implement future changes to better safeguard personally identifiable information. But Aranda said he believed “no malicious intent was involved.”
However analyzing the full impact could prove to be a Sisyphean task. Once the data moves outside of the Marine domain there’s no telling how far it could spread.
“The Marine Corps takes the protection of individual Marines’ private information and personal data very seriously, and we have steps in place to prevent the accidental or intentional release of such information,” Aranda said.