The Defense Department’s technical arm suffered a data breach last summer that may have exposed Social Security numbers and other personally identifiable information of more than 200,000 people.
First reported by Reuters, the Defense Information Systems Agency acknowledged the breach in letters to affected employees this week dated Feb. 11—some of which ended up on social media—and said the breach occurred sometime between May and July 2019.
“While there is no evidence to suggest that any of the potentially compromised PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised,” Defense Department spokesman Charles Pritchard told Nextgov in a statement. “Individuals possibly affected by this incident will receive letters containing initial notification of the situation. They will subsequently receive additional correspondence with information about actions that can be taken to mitigate possible negative impacts.”
DISA, which provides secure communications for the president, vice president and other senior White House staff, did not disclose which system was breached, the perpetrators or who may have had their data compromised. Roger Greenwell, DISA’s chief risk officer and chief information officer, said in letters to potential breach victims that the agency has “put additional security measures in place to prevent future incidents and we are adopting new protocols to increase protection of all PII.”
In a statement, Pritchard said the Defense Department “has conducted a thorough investigation of this incident and taken appropriate measures to secure the network.”