A year after a cybersecurity incident, the U.S. Department of Defense (DOD) has begun notifying affected individuals about exactly what happened.
In February 2023, cybersecurity researcher Anurag Sen discovered a US government email server that was not protected by a password, essentially leaking sensitive information to anyone who knew where to look.
The exposed email server was hosted on Microsoft's Azure government cloud for the Department of Defense, a service that uses servers physically separated from those of commercial customers, allowing it to be used to share sensitive, but still unclassified, data. The server was part of an internal mailbox system that contained approximately 3 TB of internal military emails, some of which referred to the US Special Operations Command (USSOCOM), the military unit that conducts special operations.
Consequences have yet to be determined
The database was secured a day after the news broke, but now, almost exactly a year later, the Department of Defense has begun emailing affected individuals to inform them of the incident.
According to TechCrunch, the breach notification letter was sent to approximately 20,600 individuals on February 1. It said that "between February 3 and February 20, 2023, numerous email messages were inadvertently exposed to the Internet by a service provider."
“For practical and operational safety reasons, we do not comment on the status of our networks and systems. The affected server was identified and removed from public access on February 20, 2023, and the vendor has resolved the issues that led to the exposure. DOD continues to work with the service provider to improve prevention and detection of cyber events. Notification to affected individuals is ongoing,” said DOD spokesperson Cdr. Tim Gorman in an email to TechCrunch.
While we now know how many people were affected by the breach, we still don’t know whether threat actors found the database before Sen.