This is proof positive that no organization is safe from watchful hackers scattered all around the world.
The Associated Press report on the incident includes:
"The department is continuing to gather additional information about the incident, which involves the potential compromise of Personally Identifiable Information (PII) of DoD personnel maintained by a single commercial vendor that provided travel management services to the department. This vendor was performing a small percentage of the overall travel management services of the DoD...The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel."
While there's no good time for a data breach like this, it couldn't have come at a worse time. The Government Accountability Office (GAO) had issued a scathing report of critical vulnerabilities in virtually all of the weapons systems programs the agency currently runs.
A small excerpt of the report reads as follows:
"One test report indicated that the test team was able to guess an administrator password in nine seconds...Multiple weapon systems used commercial or open source software, but did not change the default password when the software was installed, which allowed test teams to look up the password on the internet and gain administrator privileges for that software."
It gets worse. When confronted with the findings of the report, Pentagon officials dismissed the report as being unrealistic.
Clearly, there was something to the report, or this breach would not have happened. The hope is that it will be sufficient to cause Pentagon officials to do some soul searching and reevaluate their positions. If not, you can bet that something like this will happen again.