US military leak exposes ‘holy grail’ of security clearance files
Zack Whittaker reports:
A unsecured backup drive has exposed thousands of US Air Force documents, including highly sensitive personnel files on senior and high-ranking officers.
Security researchers found that the gigabytes of files were accessible to anyone because the internet-connected backup drive was not password protected.
The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers.
The most shocking document was a spread sheet of open investigations that included the name, rank, location, and a detailed description of the accusations. The investigations range from discrimination and sexual harassment to more serious claims.
So will the Air Force contact MacKeeper or Zack and ask them who the apparent owner of the misconfigured Rsync backup is? Will they send folks to MacKeeper and Zack’s to obtain the files?
What will the Air Force do in terms of any discipline of the unnamed officer who appears to own the backup? And what will the Air Force do to prevent another breach like this?