Cyber Incident Victim: United States Army
Date:
May 2014
Location:
South Korea
Summary
The U.S. Army disclosed a potential compromise of a recruitment database affecting approximately 16,000 South Korean civilian employees and applicants for military base positions, involving unauthorized access to personal information including names, contact details, education and employment history, and national identification numbers. The breach impacted the Korean National Recruitment System linked to a Civilian Human Resources Agency server in the Far East, prompting immediate offline measures, an ongoing investigation, and policy reviews by U.S. Forces Korea to address vulnerabilities, with notifications issued to South Korean authorities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 28, 2014, the U.S. Army discovered a potential compromise of the Korean National Recruitment System, a database containing sensitive information on approximately 16,000 South Korean civilian employees and applicants for positions with the U.S. military in South Korea. General Curtis M. Scaparrotti, commander of U.S. Forces Korea (USFK), confirmed the breach through an official letter to affected individuals, noting the intrusion may have occurred via a server operated by the Civilian Human Resources Agency Far East. This agency managed civilian hiring for U.S. military installations in both South Korea and Japan. The compromised data included full names, contact details, educational backgrounds, employment histories, and Korean Identification Numbers—a critical national identifier equivalent to a Social Security number in South Korea. The breach exposed applicants and employees to potential identity theft and fraud risks due to the sensitivity of the national ID numbers. No evidence suggested military personnel records or classified systems were affected.
Upon detecting the breach, USFK immediately took the recruitment system offline to prevent further unauthorized access and initiated a formal investigation to determine the intrusion's origin and full scope. South Korean government authorities received prompt notification of the incident in accordance with data protection protocols. General Scaparrotti emphasized the command's serious stance toward the breach, stating USFK would comprehensively review existing hiring-system policies and operational practices to implement necessary security improvements. The incident highlighted vulnerabilities in systems managing civilian personnel data for overseas military operations, though no specific threat actors or attack methods were publicly identified during the initial response phase. Civilian applicants and employees awaited further updates as forensic analysis continued without an estimated completion timeline provided in the initial disclosure.