A massive data breach at the U.S. Marine Corps Forces Reserve has leaked the personal information of more than 20,000 Marines and civilians.
According to reports, the compromised data included highly sensitive information, such as truncated Social Security numbers; bank electronic funds transfer and bank routing numbers; truncated credit card information; mailing address; residential address and emergency contact details.
The leak involved an unencrypted email with an attachment containing the confidential information of 21,426 people, which was sent to an incorrect email distribution list on Monday morning.
Marine Corps Times reported the email was a roster sent out by the Defense Travel Systems (DTS), a travel management system that assists military and civilian defense personnel with travel itineraries and reimbursements for official trips.
“It was very quickly noticed and email recall procedures were implemented to reduce the number of accounts that received it,” said Marine Forces Reserve Spokesman Maj. Andrew Aranda in a command release.
The email was reportedly sent within the usmc.mil official unclassified Marine domain but was also received by some civilian accounts.
“The Marine Corps takes the protection of individual Marines’ private information and personal data very seriously, and we have steps in place to prevent the accidental or intentional release of such information,” said Aranda.
In this case, officials said they believe the breach was a mistake and “no malicious intent was involved.”
Meanwhile, the Marine Corps said it has launched an investigation and is working to notify individuals affected.
“We…will make any required changes to better safeguard how we collect and store data to prevent this incident from happening again,” added Aranda.
On average, DTS processes more than 25,000 transactions and has roughly 100,000 unique users. It operates at over 9,500 total sites worldwide, states the Defense Travel Management Office website.