A sailor learns the features of the Smart Web Move system. This application, which helped sailors with permanent change of station moves, was recently infiltrated by hackers. (Yohsuke Onda / Navy)
The private information of more than 200,000 current and former Navy personnel was compromised in June when hackers broke into the Navy's Smart Web Move Internet site, an application used to arrange household moves on official orders, Naval Supply Systems Command confirmed Wednesday. The application was subsequently suspended.
The compromised database stored 11 years of private information, but officials said there is only evidence that the personal data for 20 people was posted online. The breach affects anyone who has planned a move via Smart Web Move since 2001, including sailors and other service members, Navy civilians, dependents and retirees. NAVSUP is mailing out 208,944 letters to notify those potentially affected by the hacking.
"The compromised information potentially includes your full name, Social Security number, personal email address, SWM security question and answer, and the addresses involved in your household goods shipment," John Goodhart, deputy head of Naval Supply Systems Command, wrote in an Aug. 29 letter to affected personnel, a copy of which was obtained by Navy Times. The compromised information does not include details of moves, such as an inventory of household goods, NAVSUP said.
A hacker group called "Digital-corruption" claimed responsibility for hacks into the Smart Web Move site and the Department of Homeland Security website using a common hacking method, according to the website The Hacker News. The technique, known as an SQL injection, involves hackers entering malicious database commands into a website's user input fields so that the site's database runs them, giving access to the private data it holds.
According to The Hacker News, boastful hackers posted afterward: "Navy.mil, care to share some of your staff information?"
The Smart Web Move website was taken offline June 25, two days after NAVSUP learned of the digital break-in. Officials said the site is now isolated from external access, but declined to explain how the hackers accessed the confidential database through the website.
In the letter, Goodhart advised those affected to monitor their personal credit; it is possible that hackers or others, using someone's name and Social Security number, could set up credit cards in their name. Sailors and civilians affected can monitor their credit through Equifax Information Services at no cost, NAVSUP said.
"It is unfortunate this breach occurred and we cannot provide conclusive evidence of what data was extracted," Goodhart said in a statement Wednesday. "We take this data compromise very seriously and continue to strive to protect and secure personally identifiable information."