Homeland Security

Navy: Hack of Contractor's Laptop Compromises Personal Info of More Than 130,000 Sailors

Participants in the joint multinational exercise Cyber Guard 2016 work through a training scenario during the nine-day event in Suffolk, Va., on June 16, 2016. (Navy photo by Petty Officer 2nd Class Jesse A. Hyatt)

The Navy said today that the hacking of a laptop used by a contractor comprised sensitive information from tens of thousands of sailors.

Hewlett Packard Enterprise Services notified the Navy on Oct. 27 that one of their contractor’s laptops had been breached. The Naval Criminal Investigative Service launched an investigation in conjunction with HP’s probe and concluded Tuesday that “unknown individuals” gained access to personnel information.

The leaked info included names and Social Security numbers of 134,386 current and former sailors. The Navy Times cited an unnamed official close to the investigation saying that the breach occurred in the C-WAY database, used by sailors to submit re-enlistment and occupational specialty requests.

Those affected will be notified in the coming weeks, the Navy said, by “multiple means” of communication.

The Navy said there isn’t an indication yet that the compromised information has been used in any way, but the investigation is ongoing and officials are weighing credit monitoring options for affected sailors.

“The Navy takes this incident extremely seriously- this is a matter of trust for our Sailors,” Chief of Naval Personnel Vice Adm. Robert Burke said in a statement. “We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.”

Last year, the Office of Personnel Management suffered a hacking that compromised the sensitive information of more than 21 million people who worked for the government or had undergone background checks for a government job.

The mega-breach led OPM director Katherine Archuleta to resign in July 2015 and ignited a firestorm on Capitol Hill regarding cyberthreats and what is and isn’t being done to protect sensitive data.