According to the US Army one of their databases was breached exposing the personal information for at least 1600 soldiers.
From FCW:
Soldiers who registered with, or participated in, the Army-sponsored Operation Tribute to Freedom program during the past five years may be affected by the security breach, Army officials said March 10. The service is notifying those soldiers about the issue through e-mail messages and letters.
The information that may have been breached includes the service members’ names, e-mail messages, phone numbers, home addresses, awards received, ranks, gender, ethnicity, and dates the soldiers deployed and returned from their deployment, Army officials said.
No SSN? That is a fair amount of personal information nonetheless.The part that makes me smile is the inevitable spin in a piece such as this. “The Criminal Investigation Command is investigating how the password-protected, secure Web-based information was penetrated.” Um, yeah.
I once did a test on a US military web facing system and was asked to breach it. I went for the low hanging fruit right out of the gate. Sure enough I was able to gain access.
Username: Admin
Password: abc123
Number of attempts: 1
Priceless.
Letters AND numbers isn’t that a secure password?
Must have been a lucky first guess..
@Matt
Must have been. My next choice would have been “testing123” and then “qwerty”.
😉
Interesting. How long ago was this? I’ve worked with these guys a lot over the past few years and they’ve got some top notch security requirements.
Of course but, like any organization there are weak links. Requirements and execution of same tend to be at odds sometimes.
The project I worked on (2000) was not public facing at the time of testing. Problems were rectified before going live.