Your PII Is At Risk
If the damn Office of Personnel Management (OPM) data breach in 2015 where 22.1 million records were breached wasn’t bad enough, It looks like 39,000 records from I Marine Expeditionary Force were compromised in May.
It looks like, on May 9, Combat Logistics Regiment 17, part of the 1st Marine Logistics Group at Camp Pendleton sent a single unencrypted email to approximately 250 Defense Travel System travel (DTS) administrators. The DTS administrators were told to delete this message in a later email message.
The email included variations of the following traveler PII: name, SSN, Electronic Data Interchange Personal Identifiers (EDIPI), personal mailing address and phone number, truncated government travel card numbers and expiration dates, and personal checking account and saving account and routing numbers.
It took three days for the Marine Corps to notice this mistake.
The U.S. Military has a very strict PII program and all emails being sent that contain PII, not only need to be properly marked but must be encrypted as well, this email was not encrypted.
In response, memos have been sent out to those affected.
“We regret this unfortunate development and any inconvenience or undue concerns this may cause,” McCalmont wrote in closing his letter, adding “Additional security measures are being implemented to prevent further unauthorized disclosures and we are adopting new protocols to ensure all PII is protected.”
“While there is no evidence to suggest personal data has been misused, it is the Department of the Navy policy to apprise individuals who may have had personal data compromised,” the May letter from Combat Logistics Regiment 17 Colonel John McCalmont reads. “We recommend you visit the Federal Trade Commission’s website at: http://www.ftc.gov/bcp/edu/