US Military Security Clearance Files Leak Due to Unsecured Drive

March 13, 2017

US Air Force documents were left on an unsecured backup drive, exposing highly sensitive personnel files on over 4,000 senior and high-ranking officers.

According to MacKeeper Security Researchers, the gigabytes of files were accessible to anyone because there was no password to protect the backup drive. It seems the information found there varied from names and addresses of officers, along with their ranks, to even Social Security numbers of over 4,000 officers.

Another file found on the same unprotected backup drive lists the security clearance levels of hundreds of officers, some with “top secret” clearance, which potentially makes them targets for those wanting to get their hands on such files.

Other spreadsheets contained contact information of staff and their spouses, along with private personal information and sensitive data.

Sensitive documents, free for everyone

The report indicates the drive belongs to a lieutenant colonel whose name was not published due to security reasons. Security researchers Bob Dianchenko notified the owner of the situation and the data was secured.

According to them, the most shocking document was a spreadsheet of open investigations which included the name, rank, location and a detailed description of the accusations. While some of the accusations were of discrimination, there were also some sexual harassment claims and others, even more serious.

“One example is an investigation into a Major General who is accused of accepting $50k a year from a sports commission that was supposedly funneled into the National Guard. There were many other details from investigations that neither the Air Force or those being investigated would want publically leaked,” the report reads.

Another file contains Defense Information System instructions for encryption key recovery, which is a step-by-step on how to regain access to an encrypted key, complete with all the URLs where someone can request information regarding a Common Access Card and Public Key Infrastructure.

Read full story…