A backup drive used by a U.S. Air Force lieutenant exposed sensitive information about thousands of U.S. military personnel, including a spreadsheet of open investigations and applications for renewing national security clearances.
Mackeeper security researchers found gigabytes of files online not protected by a password, according to ZDNet. They found Social Security numbers, names, ranks and addresses for 4,000 officers, as well as lists of officers and their security clearance level.
The files also contained the kind of information that could subject people to blackmail. For example, the files include detailed descriptions of investigations of discrimination, sexual harassment and bribery, such as a major general being accused of accepting $50,000 a year from a sports commission, according to a Mackeeper blog post on the discovery.
The stash also included two completed Standard Form 86 for two four-star generals, ZDNet said. Those forms require extremely personal details: entire work histories, lists of family and friends, financial records, and disclosures about mental health and drug and alcohol use—and the type of information stolen about 21.5 million federal employees in the Office of Personnel Management breach discovered in April 2015.
Log-in information for the Defense Department’s Joint Personnel Adjudication System, a database of security clearances that uses the NIPRNET unclassified network, also appears in the files.
The drive, which appears to have belonged to a lieutenant, was taken offline after being notified by the security team, though it’s unclear how long it was available or whether others accessed it.