pentagon-data-breach-exposed-travel-data-for-30000-individuals
Pentagon official said on Friday that the Department of Defense had suffered a security breach thanks to a third-party contractor.  Pentagon disclosed a data breach that allegedly affected 30,000 military and civilian workers at the U.S. Department of Defense. As disclosed by Associated Press,  some unknown hackers supposedly pilfered personal and card details of the DOD staff by compromising their travel records. Lt. Col. Joseph Buccino, a Pentagon spokesman, confirmed the breach to the Associated Press, which first reported the incident. He described the attack as "a breach of a single commercial vendor that provided service to a very small percentage of the total population." 

An investigation is still underway, Pentagon stated that DOD came to know of the breach on October 4, 2018, after their cyber team informed them. Initial investigations reveal the count of affected staff to be 30,000. Nonetheless, since the investigations are underway, This number is expected to grow as the Pentagon's investigation continues."This activity won't stop. In fact, left unchecked it will get worse. 

Increasing cybersecurity risk necessitates that we stop talking and start deploying known best practices that can afford some protection," Kothari continued. "These include end-to-end encryption of data -- both in the cloud and on-premises -- the use of two-factor authentication, network segmentation and more." The DOD said it plans to notify all impacted personnel in the coming days, and also provide free fraud protection services, in concordance with US legislation.

Lt. Col. Joseph Buccino, a Pentagon spokesman, said the DOD "has taken steps to have the vendor cease performance under its contracts," although the vendor remains under contract. The Pentagon's card breach disclosure comes after a Government Accountability Office (GAO) report, also published this week, concluded that the Pentagon's upcoming next-generation weapons systems are very easy to hack due to improper cyber-security protections.