US defense agency says personal data ‘compromised’ in 2019 data breach

A U.S. defense agency charged with providing information technology and communications support to the U.S. government, including the president and other senior officials, says its network may have been “compromised.”

The Defense Information Systems Agency sent letters to possible victims earlier this month to warn of a “data breach” involving a system run by the agency.

It’s believed Social Security numbers and other sensitive information may have been taken in the data breach between May and July 2019, the letter said. But it’s not known if the data was stored on a classified system.

DISA, a division of the Dept. of Defense., has about 8,000 military staff and contractors.

DISA spokesperson Charles Prichard confirmed the breach in an email to TechCrunch.

“The Defense Information Systems Agency has begun issuing letters to people whose personally identifiable information may have been compromised in a data breach on a system hosted by the agency,” said Prichard. “While there is no evidence to suggest that any of the potentially compromised PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised.”

“DISA has conducted a thorough investigation of this incident and taken appropriate measures to secure the network,” he said.

Reuters first reported the news.

Last week, the Justice Department charged four members of the Chinese military with hacking into Equifax, the credit rating agency, which saw more than 147 million credit reports stolen. Prosecutors also attributed the same hackers to breaches at health insurance giant Anthem, the Marriott Starwood hotel breach and the U.S. Office of Personnel Management breach in 2015, believed to be the largest breach in the U.S. government’s history. The breach saw the theft of 21 million vetting files on federal employees and contractors.