A security organization has revealed that a large number of US government and military personnel have had their travel details exposed in a cyber breach.

VPN Mentor discovered that 179GB of sensitive data from serving soldiers and civilians that were being stored on AutoClerk’s cloud database was left unsecured.

AutoClerk is a firm used to make booking travel easier.

The discovery

Whilst carrying out a large scale scanning and mapping cybersecurity project, researchers from VPN Mentoring, Noam Rotem and Ran Locar, found the exposed database.

Commenting on the find, they say “For the US government, alarm bells should be ringing,”

When finding out about the breach, which was noticed on September 13^th, the US Department of Defence intervened and the data has now been locked down.

Details revealed

The info exposed included travel itinerates, names, dates of births, phone numbers, flight details, and sensitive locations.

“Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past, and future,” the researchers from VPN Mentor explained.  “This represented a massive breach of security for the government agencies and departments impacted.”

They continued, “In some cases, this included their check-in time and room number. It affected 1,000s of people across the globe, with millions of new records being added daily,”

Payment card numbers were also part of the unprotected information, but luckily, because of standard security, the details were obscured.

Contacting AutoClerk

The security company said it has contacted AutoClerk but has not yet had a response. The US Computer Emergency Response Team, as well as the US Department of Defence,  were also contacted.

Data from over 100,000 civilian trips has also been exposed in the breach. However, it seems none of this had been noticed and tampered with before VPN Mentor’s realization.

This situation has once again raised questions over the safety of cloud-based data storing when security is not implemented correctly.