The Coast Guard Reserve alerted thousands of its personnel to a data breach last week, nearly three months after someone improperly sent their personally identifiable information to unapproved recipients, the service confirmed Tuesday.
An April 18 notification from the Coast Guard Reserve warned that a data exposure discovered Jan. 24 distributed the private material to “individuals with no authority to view the information,” a retired Coast Guardsman, who received the notification and spoke on the condition of anonymity, told Military Times.
The incident, which affected 10,700 Coast Guard Reserve members, occurred amid a push from the White House to have the maritime service bolster cybersecurity at American ports.
The Coast Guard said that the home addresses of 7,554 individuals, and the names and employee identification numbers of another 3,146, inadvertently were released. A review by the service of the incident revealed that a document used for internal processes had a separate tab that contained the info, which went to the personal email addresses of 85 Coast Guard Reserve members, it said.
“No incidents of fraud have been reported to the Coast Guard to this incident,” the service said, which outlined steps it is taking to ensure similar events do not occur.
The office where the incident originated has since removed the separate tab in the document that contained the personally identifiable info, Coast Guard officials said, adding that the unnamed individual who caused the privacy incident received additional training on properly safeguarding such sensitive information.
When asked why it waited nearly three months to inform those impacted of the incident, the Coast Guard said those who improperly received the personal info “immediately” notified the service’s privacy office, which began the process of notifying those affected once the full extent of the privacy incident was determined.
In its notification, the Coast Guard encouraged those affected to vigilantly review their credit reports and to contact one of the major credit reporting agencies to place a fraud alert on credit files in order to ensure protection from potential identity theft.
In an era in which highly classified military documents can be illegally shared on a social media platform, the Department of Defense is no stranger to having sensitive personal information incorrectly disseminated online. Security breaches that compromise the data of current and former troops have also occurred among the Army National Guard, the Marine Corps Reserve and the Navy. And earlier this year, DefenseScoop reported that the Pentagon was in the process of alerting thousands that their data may have been exposed during a breach the year prior.
A 2020 report by Rand Corp. on the data needs of the Coast Guard noted that personnel data can be particularly sensitive, and as a result represent an especially attractive target for malicious actors.
But as the Coast Guard reviews how it manages the security of its own personnel’s private information, it also faces a task from the White House to take on more responsibility responding to malicious cyber activity against U.S. ports, according to a fact sheet released less than a month after the recent breach occurred.
An executive order issued by President Joe Biden in February provides the Coast Guard with more authority to control the movement of vessels that present a known, or suspected, cyber threat to U.S. maritime infrastructure, the fact sheet said.
The Coast Guard has acknowledged a surge in cyber threats that aim to disrupt systems among U.S. vessels, shipyards, waterways and port facilities. A 2023 Coast Guard Cyber Command report outlines that the uptick of reported threats on critical infrastructure has included attacks believed to involve a China-sponsored group.
“The consequences of a cyber attack on the port infrastructure extend far beyond financial losses,” Rear Adm. John Vann, commander of Coast Guard Cyber Command, said in a release earlier this month. “Disruptions to the supply chain can have cascading effects on global economies, impacting industries and livelihoods.”
The Coast Guard has three active duty cyber protection teams and one reserve team, which hunt for bad nation-state actors, the release said. The service will also soon begin training its 1,200 active duty Marine Science Technicians, it added, who will likely become the first line of defense in spotting cyber issues.
Jonathan is a staff writer and editor of the Early Bird Brief newsletter for Military Times. Follow him on Twitter @lehrfeld_media
Read the full article here