Cyber Incident Victim: United States Military
Date: Oct 2018
Location: United States of America
Summary
A breach impacting approximately 30,000 military and civilian personnel occurred when attackers compromised a third-party contractor to access travel-related data, stealing payment card details and personal information. The unauthorized access was detected through an ongoing investigation, and the number of affected individuals is anticipated to increase. The contractor's network privileges were revoked, although the contractor remained under formal agreement, and the organization committed to notifying those impacted following further risk assessments. The incident highlighted vulnerabilities in external vendor access to sensitive systems.
Description
On or around October 4, 2018, the U.S. Department of Defense discovered a breach involving unauthorized access to travel records of military and civilian personnel. Investigators determined that attackers compromised a third-party contractor with network access privileges, exploiting this vendor relationship to exfiltrate sensitive data. The stolen information included payment card details and personally identifiable information belonging to DOD personnel. Initial assessments indicated approximately 30,000 individuals were affected, though Pentagon officials cautioned this number might increase as their investigation progressed. The breach timeline and intrusion methods remained under active examination, with no public attribution of responsibility. Officials did not disclose the contractor's identity, citing the sensitivity of ongoing investigative and contractual proceedings.

In response to the incident, the Pentagon directed the third-party vendor to cease performance under existing contracts while maintaining the contractual relationship during the investigation. The DOD initiated risk assessments to determine potential harm to affected personnel and committed to issuing formal notifications once impact analysis concluded. This breach occurred alongside two significant contextual developments: A Gemalto report revealed over 4.5 billion records had been compromised globally during the first half of 2018, averaging nearly 7 million daily breaches. Simultaneously, a Government Accountability Office report highlighted critical cybersecurity vulnerabilities in the Pentagon's next-generation weapons systems, though no direct connection was established between these findings and the travel card breach. The department maintained operational security protocols while addressing the compromise of financial and personal data through established incident response channels.
