That National Guard data breach
We got a copy of the bulletin from the National Guard in regards to the data breach that they reported last Friday;
Apparently, they lost all of the data on everyone who served in the National Guard since 2004 and they knew about it last October but didn’t bother to tell you about it until Friday. I guess they were just waiting for some news, like the OPM data breach, to suck up the headlines.
Category: Politics
Well isn’t that special.
OK, with this bunch, not really all that special. It kinda looks like jeopardizing as many Americans as possible in a multitude of ways IS the plan.
No surprise, sigh. The last VA appt., they were planning on giving the MSG a bunch of immunizations, because “there’s no record of you ever receiving these.” Even though he was vaccinated to protect him from everything except stupid politicians.
So my shit’s been compromised twice. Lovely.
Welcome to the club, sister. Once by OPM, once by NGB, and another time back in 03 by a dumbass Major who left a laptop in his car from Oregon Military Department.
Damn. We’re all kinds of fucked up the arse, aren’t we?
Sounds like the dumbass major needed some wall-to-wall counseling. Sigh.
Had to tell my parents and my spouse that their shit has been compromised on my SF-86. Imagine their joy.
What’s being done with the information once it’s stolen? Does anybody know?
We don’t know yet. As far as we know, it hasn’t shown up in any AVC sites… yet, which means it likely wasn’t stolen for financial gain. But it may be too early to tell.
I certainly know nothing about hackers or their motivations, and I’m no economist either, but I’ll throw out what I’ve noticed and see if it makes any sense. Most of the hacks and security breaches have been from China, and yet, just as you said, the information seems to have simply vanished. China has become a main supplier of material goods of all kinds in the US — very little we buy today DOESN’T come from China. The hacks have hit financial, medical, and personal information sites. My best guess is that the Chinese are gathering as much intelligence as they can to determine their — and our — future as trading partners. They want to know how much of their products we buy, and will buy. Our government either can’t or won’t share the financial information they want, so they are willing to barge in and get it. And no, it’s not quite as innocuous as that sounds at first. They are also gathering military and political intelligence in these drag-nets, just like we do. In both cases, China advances HER agenda — but do I think these are strictly militarily-based, malevolent strikes against a potential enemy? No. At least, not at the moment. China is probably our biggest product supplier, and holds a large portion of our national debt. I hope we would not be so stupid as to make her an enemy, but if we do, she’s going to be able to hand us our ass on a platter.
Just to save the argument, I didn’t pull that idea out of thin air, either:
http://www.bloomberg.com/news/articles/2011-12-13/china-based-hacking-of-760-companies-reflects-undeclared-global-cyber-war
I’d say it’s a pretty strong argument. I was thinking along the lines of…
Whom can China turn? Since they now have all our financial information and PII – especially intelligence officers – it would be fairly easy to assess vulnerabilities for both civilian and military. Once they have those vulnerabilities, they can assess with a fair amount of confidence whom they can approach.
I’d say it’s a lot more profound than that. If they want the plans for an airplane, for example, they don’t have to turn anyone to get them. They simply hack everybody who has anything to do with building it, and all that takes is contract information. Once the plane is built, it may be beyond secret, but the bids, the contracts, the plants that produce the wiring and the engines and the electronics? Nah. They can find and get into all of that. Performance? Hell, we’ll write it up for professional publications ourselves — all they have to do is take time to read our journals. The RUSSIANS told us that! Faster, easier, cheaper, and more accurate, anyway you slice it. And I haven’t been able to think of one instance where this method wouldn’t work. Another example: Jonn has said that there are secret missions, but no secret operators. With extensive collection of military personnel data, all they have to do is connect the dots. Want to know who is currently on assignment with a SEAL team? Mine the personnel data. All it takes is time, and finding who is assigned where, for how long, with which schools under their belt. Voila! SEAL team roster on someone’s desk. It probably goes a hell of a lot deeper than that, but you get the idea. It doesn’t take breaking into buildings or actually turning people anymore to get what they want. Oh, they’ll buy info if it’s offered, but compared to the new methods, that’s horse-and-buggy stuff. Whatever security our military personnel had or thought they had, I think that’s a thing of the past anymore. The Chinese probably know more about your life than you do.
Keep in mind that the Chinese don’t mind throwing 10,000 people at a problem they want solved.
Just sell it directly to ISIS, then they can check the press releases to see which units are deployed and hit some soft (dependent) targets…
So any asshole can claim that they served and the dog ate the paperwork.
The way they word it is intentionally confusing. Was this transfer of data authorized, or unauthorized? It reads a lot like it was authorized at some level. It’s hard for me to read “lost all of the data on everyone” from the letter alone. I must be missing something.
The way it reads is “we were doing something screwed up, so we stopped doing it and notified everybody.”
Except they didn’t notify anybody.
At some point a reasonable person has to ask where does the incompetence end and the willful malfeasance begin?
Occam’s Razor tells me it’s bureaucratic dumbassery. You can’t imagine the kinds of morons that work in those fields!
“Once is happenstance”
Twice is coincidence”
Three times is enemy action”
’nuff said.
Gibbs rule 39.
Having worked on the Army staff and the Army National Guard staff, I can say that, while HQDA has its issues, HQDA is the New York Yankees compared to the ARNG staff, especially in personnel and signal. I’m guessing that someone in uniform who had no idea what they were doing told a contractor who had a minimal idea of what they were doing to transfer the files to a system that they shouldn’t have been transferred to.
Wasn’t MPSC holding most of the G1 contracts last fall before the COL Porter incident took them down?
Does all this data compromising at least come with a tube of Astroglide?
At the very least, some Vaseline.
Nope.
And no reach around either
I just call the Chinese Ambassador’s Office for Directory Assistance.
They can also do data recovery for you as well.
They should go into business and open a local office to compete with the US government.
I have an odd feeling it will not take 3 years to complete a FOIA request or locate a government official’s “publicly available” office number.
God, don’t give ’em any ideas. The last thing I want to do is try to learn Chinese — currency or language!
I’m just a dickweed with 45 years of IT experience but if you are going to prevent damage, you report the breach IMMEDIATELY to the affected parties. You don’t wait 10 months to say something. That is not gross incompetence it is GROTESQUE incompetence.
My suggestion is probably over the top but it seems to me that the agencies who promised to protect this information don’t really give a shit about it. So we are required to provide this information, they promise to protect it, they don’t, it becomes our problem, they don’t care, and they wait 10 months to mention that they leaked it. What the hell?!!
Apparently the phrase, “you will never work in this town again” means something different in Washington than anywhere else.
Well said…if I handled data this carelessly not only would I lose my clients, I might be facing litigation for failing to abide by the NDAs due to incompetent data handling.
And we are kicking out good troops for one bad piece of paper while others just continue to keep getting paid no matter how incompetent and negligent they are.
Ineptitude in bureaucracy knows no bounds. Just ask Army HRC about that…
I remember many years ago seeing a General Officer promotion list with SSNs on it. My boss was in AF Personnel and was on that list. I told him it was a bad idea to keep putting SSNs everywhere (OERs, APRs, promo lists, etc.) because of the possibility of identity theft. He saw nothing wrong with doing that and told me so.
Well, Karma, being the bitch that she is, decided it was the General’s turn. He had his ID stolen a few months later. 😉
It used to be required info for any checks that you wrote at the PX, Commissary, etc.
It’s amazing that any of us actually have an identity…
I remember over a decade ago seeing a roster that was being sent out as part of a tasker. Our Command was significantly over-strength of O6s and E9s after an MTOE change.
So what did some bean-counting bureaucrat do?
They sent out a list with all the PII, addresses, and especially SSNs for every single O6 and E9 in the command (about 400 people) down the S1 and S3 channels to make sure everyone had the info they needed to put those O6s and E9s into proper positions.
A few of us said “hey, uh, you really shouldn’t be sending that out with SSNs for all of them” and we were told “well, the G1 and G3 at Command sent them, so, whatever.”
But I reiterate. Soldiers are getting kicked out for even one bad evaluation, but douchebag bureaucrats continue to keep their jobs.
How could my personal information have possibly been stolen when I change my AKO password every 150 days? SARC
Next time it will have to be 48 characters, at least 7 of which require you to revise the character map on your keyboard. And don’t you DARE write it down anywhere….
Perhaps at age 68 I should go back into the Army. I must be the only holder of a Top Secret/crypto/SI clearance in the world that the Chinese don’t know about. All of my security records were on paper.
The records for my Silver Star (withV, Hour glass, OLC, and Thumbs Up devices) Ph, Sniper School, Stratospheric HALO wings , and NDSM (3rd Awd) were stolen during the great data breach of 2015 which is why they arent on my 214…….yea, thats the ticket!!