Report: Army database housing sensitive data on major U.S. dams breached
The U.S. Army Corps of Engineers (USACE) has confirmed that a national database, which contains sensitive information on potentially hazardous U.S. dams, was accessed by an “unauthorized individual.”
On Wednesday, The Washington Free Beacon broke the news that the National Inventory of Dams (NID) was breached, and Pete Pierce, a USACE spokesman, told the news outlet in a statement that the intruder was given access to the database in January.
“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information,” Pierce told the Free Beacon.
USACE has not released further details about the incident.
After discovering the breach, USACE “immediately revoked” the intruder's access to the database. The military command, which publishes the data for the NID database, also updated usernames and passwords to tighten security.
An announcement on the NID website notes account changes.
“All NID account usernames and passwords have changed to be compliant with recent security policy changes,” said the announcement. “All NID account usernames were changed to be the same as the e-mail address registered with the user account.”
Registered users received emails with new, temporary logins, the message said.
According to the Army Geospatial Center, an Army group that maintains 3D visualizations that aid in military operations, NID contains information on 84,000 dams that are “considered a significant hazard if they fail.”
The database is updated every two years and information collected –such as the dam's size, location, purpose, last inspection, regulatory information and other technical data –helps the military keep record of water barriers in danger of risking public safety or causing economic harm.
SCMagazine.com reached out to USACE, but did not immediately hear back.
UPDATE: In a Wednesday email, Pete Pierce, a USACE spokesman, said that an intruder using fraudulently obtained credentials was granted access to data "reserved for government users," but that the compromise does not threaten public safety.
"The information available in the NID does not present a threat to the public or critical infrastructure," Pierce said. "Following the incident, USACE re-validated that proper security protocols in the administration of access to the NID were in place."