On October 4, Pentagon officials were alerted to a data breach that exposed the personal data of at least 30,000 DoD personnel. The data was accessed through a system that maintains travel records, which is operated by a third-party contractor.
A breach in the defense
- Criminal hackers gained access to the personal data, including credit card information, of military and civilian personnel
- 30,000 people are thought to be affected, but this number could rise significantly as the investigation continues
- Although the DoD has not named the third-party vendor that was attacked, it “has taken steps to have the vendor cease performance under its contracts”
- It is not known when the breach took place – it could have happened months ago, even though it was only recently discovered
A Pentagon statement said: “The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel.”
No organization is immune to data breaches
The DoD incident is the latest in a long line of high-profile data breaches and emphasizes the importance of strong data protection measures. The past year has seen tech giants such as Facebook and Google breached alongside smaller businesses all across the globe. The message is clear: No organization is safe from data breaches.
Data protection and the GDPR
The EU’s General Data Protection Regulation (GDPR) applies to any organization processing and storing EU residents’ personal data, irrespective of the organization’s location or where the data is processed. North American organizations with a connection to the EU – whether through subsidiaries, customers, or suppliers – stand to be affected.
Complying with the GDPR will not only help you avoid significant fines and reputational damage but also show customers that you can be trusted with their data, and ultimately help you derive added value from the data you hold.
Learn from the experts how to meet the requirements of the GDPR with IT Governance’s Certified EU GDPR Foundation and Practitioner Combination Course. Gain knowledge of the Regulation, a practical understanding of the tools and methods for implementing and managing an effective compliance framework, and how to fulfill the DPO (data protection officer) role.