The U.S. Department of Defense suffered a data breach through a third-party vendor resulting in at least 30,000 service members and employees having some of their personal and payment card information compromised.
The Pentagon leadership was informed of the breach on October 4 that the unnamed vendor was compromised exposing the PII and credit card information of the military members and civilian workers, according to the Associated Press. The type of attack has not been released, but on source told The AP that no classified data was involved.
A Pentagon spokesman told The AP that the vendor in question is still under contract, but the DoD has taken steps to cut ties with the company.
Hackers target contractors because they are often thought of as the weakest link in the government supply chain," Jake Olcott, Bitsight's VP of Strategic Partnerships.
Pentagon and federal employees are no strangers to having their personal information exposed. In 2015 21.5 million current and former government employees were involved in the Office of Personnel Management data breach.
"The treasure trove of personally identifiable data on the Dark Web just continues to grow, enabling fraudsters and steal identities or create new, synthetic identities using a combination of real and made-up information, or entirely fictitious information. For example, the personal and credit card information obtained in the DoD breach could be cross-referenced with data obtained from the OPM breach and other widely publicized private sector breaches,” said Michael Magrath, OneSpan’s director, global regulations and standards.