A US government subcontractor reportedly left a massive amount of sensitive data pertaining to military healthcare professionals exposed online. According to a report, security researchers found that the leaked data included personal and sensitive information of military personnel, some of whom hold the highest level of security clearance.
Potomac Healthcare Solutions, a firm subcontracted by Booz Allen, was reportedly the source of the data breach. The firm was reportedly brought on board to provide healthcare professionals to US government and military organisations. According to Chris Vickery, lead security researcher at the MacKeeper Security Center, who discovered the data leak, the exposed data contained details of US Special Operations Command (SOCOM) personnel. Victims include both former and active staff employed by the army, navy, and air force.
Vickery told IBTimes UK: “I first started downloading and reviewing parts of the data on Christmas Day, but did not fully realise the nature of the files until a day or so later. It was found through review of Shodan.io results regarding port 873.
“There were well over 11 gigs exposed. The vast majority were related to Potomac’s financial operations (quickbooks backups, invoices, account statements, etc). However, there were also many spreadsheets and text dumps containing the private details of healthcare workers that Potomac supplies to the US government. These workers include people such as psychologists working with Special Operations Warriors and having top secret clearances.”
According to a report by ZDNet, a sample of the leaked data provided by Vickery revealed that the data was freely available to the public, with little to no protection against abuse by malicious entities.