Hewlett Packard Enterprise Services (HPES) notified the Navy in October that one of the company’s laptops was reported as compromised. The employee that had it was working on a project for the Navy. The enterprise along with the Naval Criminal Investigative Service (NCIS) discovered in November that unknown individuals accessed 134,386 current and former Sailors personal data.
On October 27, 2016, HPES informed the Navy that data from thousands of their Sailors was compromised. The names and social security numbers of the more than 130 thousand sailors were accessed from one of HPES laptops, and the investigation has not found out who was or were the perpetrators.
The NCIS investigation along with data from the enterprise inquiry announced Tuesday that Sailor’s information was hacked. The Navy stated that until now, there is now evidence to suggest misuse of the information that was accessed by the unknown individuals.
“The Navy takes this incident extremely seriously- this is a matter of trust for our Sailors,” said Chief of Naval Personnel Vice Adm. Robert Burke. “We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.”
Security breach notification of #USNavy Sailors' personally identifiable information – https://t.co/4hIGW17qlk pic.twitter.com/yOJJlXyIXi
— U.S. Navy (@USNavy) November 23, 2016
The Navy is going to contact sailors who were affected by the situation, including those who are not longer serving the country. Men and women who were exposed in Hewlett-Packard Enterprise Services contract with the Navy will be notified about what happen by multiple means including phone, letter, and email.
The Navy stated in a press release that the agency is working to provide more information on the case. It also informed that it is reviewing credit monitoring service options for affected Sailors.
A Navy official said that the compromised information came from the Career Waypoints database, known as C-WAY. The database is used to submit re-enlistment and Navy Occupational Speciality requests, reports the Navy Times.
The compromised personal data of 134,386 Sailors is not the major breach the Navy has had working with HP
This is not the first time Navy information has been exposed because of Hewlett Packard Enterprise Services. The enterprise announced in 2013 that Iran managed to get into the Navy and Marine Corps’ Intranet. Next year the Wall Street Journal reported that the breach happened due to a poorly written contract with HPES.
The agreement did not oblige HPES to provide security for some of the Navy’s unclassified databases, exposing valuable information to anyone who wanted to access it. The miswritten contract attracted hackers to several Navy’s databases. It took the agency four months to expel the perpetrators out of the system.
Also in 2014 Chinese hackers had hacked the Office of Personnel Management’s computer system, compromising personal data of millions of troops. By 2015, during summer, it was confirmed that 18 million troops and federal workers personal data was stolen from the Office of Personnel Management without noticing it until it was too late. All the victims filled out security clearance paperwork to confirmed the hack.
Source: America’s Navy