The US Department of Defense on Monday secured a server exposing unclassified internal military emails on the internet for the past two weeks. The incident sparked an investigation by the military’s Special Operations Command.
The command “initiated an investigation into information we were provided about a potential issue with the command’s Cloud service,” Special Operations Command (SOCOM) spokesperson Ken McGraw said in an email to CNN Tuesday.
“The only other information we can confirm at this point is no one has hacked US Special Operations Command’s information systems,” McGraw said.
The email leak was first reported by TechCrunch. According to the website, independent cybersecurity researcher Anurag Sen raised an alert about the leaked data, some of which dates back years.
Sen told TechCrunch that anyone who had the IP address of the server could access the data without a password.
The server which was leaked was hosted on Microsoft Azure’s government cloud. It was full of internal military email messages, including some sensitive information. The exposed files contained completed SF-86 questionnaire. The form is filled out by federal employees seeking clearance for the government to collect information for “conducting background investigations, reinvestigations, and continuous evaluations of persons under consideration for, or retention of, national security positions.”
None of the data seen by TechCrunch appeared to be classified. It’s not known if anyone other than Sen found the exposed data.
In 2015, suspected Chinese hackers carried out a data breach at the U.S. Office of Personnel Management stealing millions of sensitive background check files of government employees.