Zack Whittaker reports:
A unsecured backup drive has exposed thousands of US Air Force documents, including highly sensitive personnel files on senior and high-ranking officers.
Security researchers found that the gigabytes of files were accessible to anyone because the internet-connected backup drive was not password protected.
The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers.
Read more on ZDNet. The leak was discovered by the MacKeeper Security Research team, who provide their own report on the incident, here. The team reports:
The most shocking document was a spread sheet of open investigations that included the name, rank, location, and a detailed description of the accusations. The investigations range from discrimination and sexual harassment to more serious claims.
So will the Air Force contact MacKeeper or Zack and ask them who the apparent owner of the misconfigured Rsync backup is? Will they send folks to MacKeeper and Zack’s to obtain the files?
What will the Air Force do in terms of any discipline of the unnamed officer who appears to own the backup? And what will the Air Force do to prevent another breach like this?
Known breaches only scratches the surface… people are almost always the root csuse and weakest link in highly secure/mature IT environments