The failure point in this case was a compromised laptop that belonged to a contractor working for Hewlett Packard Enterprise (HPE). It is unclear at this point how, exactly when or where the laptop was accessed by a third-party. However, the end result is that data on exactly 134,386 sailors — both current and inactive — was compromised, including names and social security numbers.
Affected sailors will be notified over the coming weeks if their data was caught up in this data breach, and credit monitoring services will be offered.
"The Navy takes this incident extremely seriously -- this is a matter of trust for our Sailors," said Chief of Naval Personnel Vice Adm. Robert Burke. "We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.
The Navy was first noticed of the breach by HPE on October 27th and determined the scope of the incident on November 22nd based on analysis by the Naval Criminal Investigative Service (NCIS). The Navy notified the public on November 23rd. There is currently no indication that the accessed information has been “misused” — for now.
There are over 430,000 activity duty and reserve personnel currently serving in the Navy. HPE has yet to publicly comment on the incident.