The personal data of more than 130,000 sailors in a re-enlistment approval database was stolen from a contractor's laptop, the Navy disclosed Wednesday.
The Navy was notified in October by Hewlett Packard Enterprise Services that a computer supporting a Navy contract was "compromised," and that the names and social security numbers of 134,386 current and former sailors were accessed by unknown persons, the service said in a news release.
The Naval Criminal Investigative Service is in the early stages of investigating the breach, but in a release said it hasn't found any malicious use of the data yet.
"The Navy takes this incident extremely seriously -- this is a matter of trust for our sailors," said Navy personnel boss Vice Adm. Robert Burke in a statement. "We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach."
A Navy official familiar with the investigation said the personal data came from the Career Waypoints database, known as C-WAY, which sailors use to submit re-enlistment and requests to change Navy Occupational Specialties.
The official told Navy Times that the service is still trying to determine exactly which sailors had their personal data compromised. That's because Hewlett Packard had provided the Navy with the compromised data in the past few days and the service had only just begun determining which sailors' personal information was impacted.
Most are expected to be active-duty sailors, but the service says it's possible that some are now in the selected reserve or could be totally out of the Navy, too.
It could take up to two weeks for the service to identify everyone and as that happens, the service will notify the affected sailors by phone, email and by mail and is looking into credit monitoring services for them.
This is at least the second major breach of Navy data linked to its contracting activities with Hewlett Packard. In 2013, the service announced that Iran had penetrated its unclassified Navy and Marine Corps Intranet. In March 2014, the Wall Street Journal reported that the breach was due to a sloppily written contract with Hewlett Packard that didn’t require HP to provide security for some of the Navy’s unclassified databases.
It took four months for officials for purge the hackers from the system.
Three months later June 2014, news broke that Chinese hackers had infiltrated the Office of Personnel Management’s computer systems, and by the next summer it was clear 18 million troops and federal workers who had filled out security clearance paperwork had their personal data stolen from under OPM’s nose.
The hackers had access to the systems for more than a year, according to news reports. The OPM hack was one of the largest breaches of federal data in history.
Senior Reporter Mark D. Faram contributed to this report.
David B. Larter was the naval warfare reporter for Defense News.