Sensitive information of more than 16,000 US Army personnel stationed
in South Korea, plus data on local employees and job applicants,
appears to have been compromised after databases loaded with names,
identification numbers and addresses were accessed by unauthorised and
unknown parties.
Specific details of how the 28 May raid was
launched were not disclosed. but banking details and classified data was
not compromised.
The Army's South Korean outpost apologised in a letter (PDF) to troops and job seekers signed by US Army Commander Curtis M Scaparrotti.
"United
States Forces Korea (USFK) was made aware of a potential theft of
personal information from the Korean National Recruitment System
maintained by the US Department of the Army," Scaparrotti said.
"We
deeply regret and apologise for any inconvenience and concern this
matter may cause you. USFK takes this compromise very seriously and is
reviewing policies and practices with a view of determining what must be
charged to preclude a similar occurrence in the future."
The Army
was consulting with senior US and Korean officials over the incident
and has pulled the affected machine from its network and switched to a
different system to handle employment applications.
One of the
most significant breaches to affect Defence occurred in 2008 when an
infected USB drive was plugged into a laptop at a US Army base in the
Middle East.
Deputy Defence secretary William Lynn said at the time the incident created a "digital beachhead" for further attacks and data exfiltration.
Another
major breach occurred in 2009, when a hard drive containing details on
70 million US Army Veterans was sent to a recycling plant without first
being irreversibly erased.
No comments:
Post a Comment