According to a DISA Feb. 11 letter that was sent to individuals whose personal information “may have been compromised,” the breach occurred between May and July last year. The letter further stated that DISA has since improved its security measures and protocols and that potential victims of identity theft would receive free credit monitoring.
In an email to Government Technology, DoD spokesman Chuck Prichard didn’t reveal whether the breach involved more sensitive records than nonsensitive records, but he said the personally identifiable information “included names and Social Security numbers.”
Prichard said that while DoD and DISA take cybersecurity and breaches “very seriously,” they do not plan on revealing certain details about this incident.
“For operational security reasons, the department does not comment on the actions taken to mitigate risks or vulnerabilities,” he said.
In a news and career advice article for ClearanceJobs, a defense- and security-focused job networking site, former senior military strategist Steve Leonard said he received the DISA letter and was not satisfied with its message.
“For once, I’d like to receive a letter that actually explained what happened,” Leonard said in his article. “In this case, the breach occurred months ago, plenty of time for DISA to identify the cause of the breach and offer some sort of explanation.”
Last year was notable for the number of data breaches, according to multiple sources. Earlier this month, company Risk Based Security stated that 15.1 billion records were reportedly exposed by breaches in 2019, a 284 percent jump from 2018. A report from nonprofit Identity Theft Resource Center estimates that the U.S. government and military experienced 83 data breaches in 2019, which accounted for 5.6 percent of the year’s total breaches and resulted in the exposure of 3.6 million sensitive records.