The US Navy has confirmed it has suffered a data security breach. Specifically it says personal information from 130,000 sailors was accessed after a laptop belonging to someone from HP Enterprise was compromised. There is no suggestion that the data has been abused, just that someone was able to get at it, and they don’t know who.
Which must be a bit of a relief all round. The data included social security numbers and similar information so no military manoeuvres are believed to have been put at risk either. So far, so uncomfortable but good.
Security breach means security breach
The concern has to be that if some security breaches are getting into the public domain, as we’ve said before, there are presumably others either undetected or undeclared. Let’s be clear about this: in this instance, HPE behaved entirely honourably and professionally and informed its client that the breach had happened in late October. The Navy’s decision to go public is equally the correct thing to do, saving a lot of rumour and smoke and mirrors.
The concern has to be that the hackers won’t be staying still, they’ll be working on ways to improve their techniques. A further issue is that the organisations in question this time around are not small or amateurish. The US Navy is very security conscious for obvious reasons. HPE, which split from the rest of HP recently, is a non-trivial organisation.
So have all the other companies been which have suffered similar breaches in recent years. It’s unlikely that anyone is going to find this event was due to a simple error that could have been avoided (although nothing is impossible); these are major, professional bodies.
If tech professionals and indeed board members can learn anything from a security breach like this one then it’s that if it can happen here, it can happen anywhere. There has never been a time when it’s more important to keep IT security provisions up to date.