Travel data belonging to a swathe of US government personnel and army officials has been exposed in a data breach, VPNMentor has said.
According to the cybersecurity firm, a travel services provider’s unsecured cloud server left around 179GB of data vulnerable; much of the information comprised personal details about civilians and soldiers in service.
VPNMentor says the information has now been secured, following an intervention by the US Department of Defence.
Among the data exposed are full names, birth dates, addresses, phone numbers and travel itinerary details, including details of flights to locations such as Moscow and Tel Aviv. Arrival times at hotels and, in some cases, room numbers, were also accessible, VPNMentor said.
Credit card details were also caught up in the incident, but these had been obscured with standard security systems.
Cyber-security gurus, Noam Rotem and Ran Locar say they discovered the database in question, and that through it they were able to see US government operations and movements of military personnel.
“For the US government, alarm bells should be ringing,” said Mr Rotem and Mr Locar.
Personal information relating to 100,000 trips scheduled for civilians was also left vulnerable, the pair said.
VPNMentor says it sent notification of the cybersecurity breach to AutoClerk, but that no response has yet been received from the travel company. VPNMentor also says that the US Computer Emergency Response Team and the US Department of Defence were told of the occurrence. Database access became restricted shortly after officials at the Pentagon were notified.
Despite being asked for comment, neither AutoClerk nor parent company, Best Western has yet provided an official statement regarding the data breach.
The post #Privacy: US army data breach compromises private information appeared first on PrivSec Report.