The US Department of Defense has suffered a major breach of employees’ personal and financial information, according to reports.
An unnamed official told AP that the incident may have affected as many as 30,000 civilian and military personnel.
A statement seen by the newswire confirmed that the incident had been discovered at the beginning of October, although it’s not clear when the breach took place.
“The department is continuing to gather additional information about the incident, which involves the potential compromise of personally identifiable information (PII) of DoD personnel maintained by a single commercial vendor that provided travel management services to the department,” the statement noted. “This vendor was performing a small percentage of the overall travel management services of DoD.”
The vendor is not being disclosed for security reasons but the Pentagon is said to be taking steps to cancel its contract.
“The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel,” the statement continued.
The news comes just days after a damning Government Accountability Office (GAO) report found critical vulnerabilities in nearly all weapons systems under development.
It claimed the Pentagon is only “just beginning to grapple” with the challenges highlighted in the report.
“One test report indicated that the test team was able to guess an administrator password in nine seconds,” the GAO claimed. “Multiple weapon systems used commercial or open source software, but did not change the default password when the software was installed, which allowed test teams to look up the password on the internet and gain administrator privileges for that software.”
To add insult to injury, when confronted with the findings, weapons program officials are said to have dismissed some test results as “unrealistic.”