Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
United States Security

Personal Data For More Than 130,000 Sailors Hacked: U.S. Navy (reuters.com) 57

Posted by msmash from the security-woes dept.
Hackers gained access to sensitive information, including Social Security numbers, for 134,386 current and former U.S. sailors, the U.S. Navy has said. According to Reuters: It said a laptop used by a Hewlett Packard Enterprise Services employee working on a U.S. Navy contract was hacked. Hewlett Packard informed the Navy of the breach on Oct. 27 and the affected sailors will be notified in the coming weeks, the Navy said. "The Navy takes this incident extremely seriously - this is a matter of trust for our sailors," Chief of Naval Personnel Vice Admiral Robert Burke said in a statement.
This discussion has been archived. No new comments can be posted.

Personal Data For More Than 130,000 Sailors Hacked: U.S. Navy More

Personal Data For More Than 130,000 Sailors Hacked: U.S. Navy

Comments Filter:

  • "Hacked" another word for spyware? (Score:5, Insightful)

    by guruevi ( 827432 ) on Thursday November 24, 2016 @11:08AM (#53354465)

    Everything these days going wrong in information security is a 'hack'. Most likely this dude clicked on an advert on CNN and got some spyware installed.

    It's not a 'hack' if it involves the user on a Windows machine installing something unsavory.

    • Re: (Score:1)

      by Anonymous Coward
      Netcraft confirms: as many as 130000 US navy sailors have been backdoored on regular basis
    • Comment removed based on user account deletion

    • I think the real question is: why had an HPE contractor (or anyone else for that matter) downloaded the stats from a Navy personnel db (or the db itself)?

      The only thing that comes to mind is that he was employed to cross-check the stats against a very long paper list and decided to do it at home while enjoying a beer and watching Netflix.

  • It's not that this could not have happened to any other contractor, but HPE, like most HP itself, is walking dead and this is just another tiny nail in the coffin. It's funny when you read what Megan Whitman said about the recent merge with Micro Focus [bloomberg.com]:

    "They are fantastic assets," Whitman said in an interview. "They're just not core to our strategy."

  • saw this on /. earlier

    • Re: (Score:1)

      by Anonymous Coward

      Yeah. The other article was better written. This Reuters article has 100 words.
      Mods have been ignoring submissions lately. Pushing the same 10 sources every day: Reuters, Vice, TorrentFreak, BetaNews, Softpedia... etc.

  • you can't do anything ... (Score:2, Insightful)

    by Anonymous Coward

    I have confidence that I can keep MY computers secure from anything short of a dedicated state sponsored attack, but I am still vulnerable.

    Anyone who I give my personal data to is a huge risk. Medical care. Employment. Shopping online. Almost any activity collects such data and these systems are compromised on a regular basis, sometimes with the disclosure of highly sensitive data. [wikipedia.org]

    Shit, I don't even trust my doctor's office to secure their infrastructure, but there's nothing you can do., because they wi

    • I have confidence that I can keep MY computers secure from anything short of a dedicated state sponsored attack, but I am still vulnerable.

      Anyone who I give my personal data to is a huge risk. Medical care. Employment. Shopping online. Almost any activity collects such data and these systems are compromised on a regular basis, sometimes with the disclosure of highly sensitive data. [wikipedia.org]

      Shit, I don't even trust my doctor's office to secure their infrastructure, but there's nothing you can do., because they will not give you medical care without entering your information into their computer systems.

      You don't have to worry about *just* your doctor's office. You have to worry about the pharmacy database - every script in this country goes into one or both of two huge organizations that keep track of those little drugs. You have to worry about your insurance company AND the insurance clearing house. As well as CMS (Centers for Medicaid and Medicare Security, a wonderfully Orweillian name) and bog knows who else.

      Might as well just post it on Facebook and stop bothering about it.

  • Well then, at least it could not possibly be data of any significance. Nope, not remotely.

  • SSNs shouldn't be 'sensitive information.' (Score:5, Insightful)

    by Bing Tsher E ( 943915 ) on Thursday November 24, 2016 @11:37AM (#53354599) Journal

    Social Security Numbers need to be defanged. There is no reason they should be considered 'secret numbers' that can be used against a person. It should be totally safe to print your SSN on a t-shirt and wear it in public.

    There is no excuse for it being 'dangerous' to reveal your SSN to others. It's not designed to be a 'protected' piece of information and when established, a Social Security Number was intended simply as an index.

    Unfortunately, the credit industry seems to think they can use the posession of a person's SSN to extend credit to anybody who has access to it. Because of this, our SSNs have become weapons against us.

    It would be easy for us all collectively to take that power of the SSN away from the credit industry. If 10% of all Americans agreed to disclose their SSNs publicly, it would make it impossible and impractical for the credit industry to use the revealing of a SSN to issue credit cards at cash registers in stores, which is, among other conveniences for them, what the 'secrecy of SSNs' is all about.

    My dream is that someday enough of us will agree to publish our SSNs that it would become impractical for the credit industry to use it as a 'secret code.' The coolest way for this to happen would be for people to just start writing their SSN on a sign in front of their house, or on the mailbox or something of that nature.

    Practically, though, the best way it could happen would be in an all-at-once event, so that the Credit Industry can't use SSNs tricking out as an attack vector on a few people at a time. But with a mix of some sort of 'big release' of SSNs and a trickling out, i.e. people not on the 'big release' revealing their SSNs on a place like their mailbox where it can't be verified en-masse, the use of SSNs as a 'secret number' for credit applications could be nullified.

    • I agree with your post, but I'm just wondering what we could use to prove identity without using SSN. Birthdate is easy to find. Driver's licenses can be faked. Mother's maiden name is easily known by any family members.

      • Re: (Score:2)

        by NotAPK ( 4529127 )

        It's about a combination of things you know. Ultimately one of those things has to be secret, like a password that you supply and only you know. Your SSN is entirely unsuitable for this.

        The idea is you should supply 3-4 items from this list:

        Full Name
        DOB
        Address
        Telephone Number
        SSN
        Driver's License Number

        And in addition to that, a secret password that you selected, otherwise, someone finding your wallet on the street has access to everything.

        The whole concept of SSNs being secret and used in the US in all kinds

      • Huh? Drivers licenses can be faked by an SSN can't? What kind of absolutely absurd knowledge is that? Your SSN ceases to be secret and personal every time you share it for identification purposes, at least someone needs to put effort into faking a drivers license (and if that is such a big problem then maybe you should change your drivers licenses).

        Some countries use a point ranking system which requires multiple documents to establish who you are with multiple characteristics. e.g. in Australia for banking

      • Re: (Score:2)

        by gtall ( 79522 )

        Years ago there was talk of a national id. I don't know how practical that was or what kind of security could be built in. What sunk it was the Libretards and Republicans. Naturally, the Christian fundamentalists were against it too, claiming it was akin to tattooing 666-xxx-xxx-xxx-xxx onto everyone. They then went back to pretending security was a warm blanket.

    • Simple solution is to make CC etc. by statue solely responsible for all damages caused by identity fraud.
      Then they would move earth and heaven to make sure they verified identity right.

      Why in land of the law I am responsible for the acts that I did not commit?

  • Sailors are used to getting backdoored.

  • To avoid all identity theft problems we need to do away with all on line, give me this or that bit of your public life to verify it's you.

    All these require some form of physical presents.

    One solution would be local 'kiosks' to issue a digitally signed certificates, for specific reason, after physical verification of identity. Technology exists, (chain of trust or whatever they use for digital currency). Services paid by whoever requested this verification. In a way it would be a kin Public Notary service i

    • Re: (Score:2)

      by AHuxley ( 892839 )
      The only way to secure this is to quiz every US mil/gov sector and see who has in house solution that don't leak due to encryption, air gaps and expert gov/mil staff.
      Keep the mil data well away from contractors.
      Someone in the US gov must be doing something very correct as not all agencies leak to the public or trust contractors.
  • Did grindr get hacked?
  • And the world will see you right back.

Slashdot Top Deals

"God is a comedian playing to an audience too afraid to laugh." - Voltaire

Close