Sensitive details of health workers employed by the US military’s Special Operations Command (Socom) have been exposed in a data breach.
The 11GB of data included social security numbers, names, addresses and salaries of some Socom staff.
All the workers, including some with top secret clearances, were employed by subcontractor Potomac Healthcare.The company has now removed the data and said it was investigating the breach.
The cache of data was found unprotected on the net by researcher Chris Vickery, from security company MacKeeper.
It included details of nurses, doctors and mental health support staff as well as unit assignments and postings dating back to 1998.
The data appears to have been exposed when Potomac IT staff misconfigured a data back-up.
In a blog about the find, Mr Vickery said he had attempted to get the “publicly exposed” data taken off the net by contacting Potomac’s chief executives.
Initially, Potomac had not seemed to take seriously his warnings that making the data public was a risk to national safety, wrote Mr Vickery.
After an hour, he had alerted other government agencies. And 30 minutes later, the data had disappeared.
The sensitive nature of the information, including security clearances and the deployment locations of staff, would make it very attractive to “hostile entities”, said Mr Vickery.
“Let’s hope that I was the only outsider to come across this gem,” he wrote.
Potomac acknowledged Mr Vickery’s help and said it was “addressing” the incident, in correspondence with tech news site ZDNet.Booz Allen Hamilton, the contractor for whom Potomac is a sub-contractor, said it was also investigating.