SC Magazine: U.S. Air Force personnel data exposed on internet

March 14, 2017 — U.S. Air Force personnel data exposed on internet

The Guru reached out to the cybersecurity industry to get thoughts on the River City Media database leak. NuData’s Robert Capps comments.

A United States Air Force officer mistakenly exposed not only the personally identifiable information (PII) of many service members, but also the records of on-going criminal investigations and instructions for recovering encryption keys for military documents.

The data was discovered by MacKeeper Security located on a misconfigured storage device, since taken offline, owned by an unnamed lieutenant that was inadvertently made public on the internet.  Among the files were Personnel by Eligibility and Access reports that contained the names, rank and Social Security numbers of service members.

Even more revealing were scores of documents related to on-going criminal investigations that range from sexual harassment cases to an inquiry of a major general who allegedly accepted $50,000 a year from a sports commission that was supposedly funneled into the National Guard, MacKeeper reported. Also included was the PII of those being investigated. Further details were not available to explain the case.

Robert Capps, VP of business development at NuData Security:

“This is a serious data leak, which allows nation states to target high-value military personnel for additional attacks and surveillance. If that weren’t bad enough, this highly detailed data could potentially be combined with stolen personal data from other data breaches already available on the dark web to create rich profiles of these individuals,” said Robert Capps, VP of business development for NuData Security to SC Media.

Once created these profiles could allow enemies and criminals to track the service member and also steal their identities, he added.

For the complete article, go here.