Cyber Incident Victim: United States Department of Defense
Date:
Sep 2015
Location:
United States of America
Summary
Hackers breached computer systems at Pentagon food courts, compromising employees' bank account and payment card information, with fraudulent charges appearing shortly after legitimate transactions. The Pentagon Force Protection Agency initiated an investigation to determine the scope of impacted individuals and affected concessions, while urging personnel to report suspicious account activity. Separately, a cyberattack attributed to a likely state actor infiltrated the Joint Chiefs' unclassified email network, prompting its prolonged shutdown for security remediation; officials confirmed no exposure of classified strategic communications or operational data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In mid-to-late August 2015, the Pentagon Force Protection Agency (PFPA) detected a pattern of fraudulent credit card charges reported by Department of Defense personnel. Investigations revealed that point-of-sale systems in the Pentagon's food court concessions had been compromised by hackers, exposing bank account information from employees who used credit or debit cards for purchases. The breach timeline and precise number of affected individuals remained undetermined as of September 8, 2015, though fraudulent activity consistently occurred shortly after legitimate transactions at Pentagon facilities. Defense Department spokesman Lt. Col. Tom Crosson confirmed the compromise on September 8, notifying personnel about potential theft of financial data. The PFPA initiated an investigation that was still ongoing as of the announcement, with officials unable to confirm which specific food vendors or concession locations within the Pentagon complex were impacted. Employees received instructions to report any fraudulent charges occurring within 120 days and within 48 hours of a Pentagon purchase to a dedicated PFPA email address ([email protected]) for investigation purposes.
This incident occurred against the backdrop of another significant cybersecurity event affecting Pentagon systems. During summer 2015, prior to the food court breach disclosure, the Joint Chiefs of Staff's unclassified email network was compromised in a sophisticated cyberattack bearing characteristics of state-sponsored activity, with Russia suspected as the likely perpetrator. The email system remained offline for multiple weeks while security teams conducted remediation efforts, including vulnerability patching and network hardening. Officials emphasized this email breach did not compromise classified materials or strategic communications related to military operations. Both incidents highlighted systemic cybersecurity challenges, though authorities maintained a clear operational distinction between the food court's compromised commercial payment systems and the separate military email network intrusion. The PFPA continued investigating the financial data theft while implementing standard fraud monitoring protocols for affected personnel.