The personal information of thousands of US Marines, sailors, and civilians was compromised after an unencrypted email was sent to the wrong email distribution list Monday morning.
The information included social security numbers, bank electronic funds transfer and bank routing numbers, truncated credit card information, mailing addresses, residential addresses and emergency contact information, of roughly 21,426 people US Marine Forces Reserve Andrew Aranda said in a command release.
The email was a roster sent out by the US Defense Travel System (DTS) and was sent to the usmc.mil official unclassified Marine domain as well as to some civilian accounts. The mistake was quickly noticed and officials promptly implemented email recall procedures to reduce the number of accounts that received the information.
Despite the quick action it is possible that victims could still be affected latter on such as when ISIS posted a ‘kill list' of 41 Marines and sailors based on information gleaned from publicly accessible online forums and social media accounts.
Tripwire director Paul Edon told SC Media the military should be performing regular threat assessments on their systems due to the highly confidential data it stores.
“To reduce further exploitation, victims must change passwords and account details immediately,” Edon said. “With critical personal and financial data exposed it is strongly recommended victims continuously check their bank accounts and monitor for potential signs of identity theft, which in the moments after the breach, is when individuals are most vulnerable.”
In addition, the military should examine the level of admin privileges granted to individuals to avoid accidental data leaks occurring again.