The US Navy has confirmed that it is investigating how personal information on more than 100,000 Navy and Marine Corp personnel was posted on a public website for more than six months.
The security breach follows May’s massive data security scandal at the US department of Veterans’ Affairs, which saw the theft of 26.5 million former US soldiers’ records. The electronic data – including names, social security numbers and dates of birth – was stolen from the home of a department data analyst during a burglary.
Full names and social security numbers of current Navy and Marine Corp aviators – and those who have served over the past 20 years – have been available on the official Naval Safety Center site since last December.
The information was also inadvertently sent out to Navy commanders on more than 1,000 discs that were supposed to form part of a web-enabled safety programme.
The information on Navy and Marine Corp personnel was removed from the website on Thursday and the discs are being recalled. A Naval Safety centre spokesperson said the data was “inadvertently included in a file that was then posted on the web”.
The Navy is writing to affected personnel and has set up a 24-hour call centre to deal with enquiries. Navy and Marine Corp aviators are being urged to monitor their bank accounts, credit card accounts and other financial transactions.
Read more on IT risk management
A USB memory stick containing details of Royal Navy personnel was handed in to police after being offered up for sale, according to a report in the Observer.