There has been a cyber breach of Defense Department travel records that compromised the personal information and credit card data of thousands of U.S. military and civilian personnel, according to an Associated Press report.
A U.S. official familiar with the matter said the breach could have affected as many as 30,000 workers, but that number may grow as the investigation continues, the AP said. It is not known exactly when the breach occurred.
Sources close to the investigation indicated that no classified information was compromised.
A department cyber team informed leaders about the breach Oct. 4, according to a Pentagon statement.
Lt. Col. Joseph Buccino, a Pentagon spokesman, told the AP the department is still gathering information on the size and scope of the hack and who did it.
“It’s important to understand that this was a breach of a single [outside contractor] that provided service to a very small percentage of the total population” of DoD personnel, said Buccino.
He did not identify the company and no additional details about the breach were available.
“The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel,” said the statement, adding that affected individuals would be informed in the coming days and fraud protection services would be provided.
Buccino said due to security reasons, the department is not identifying the contractor. He said the contractor is still under contract, but the department “has taken steps to have the [contractor] cease performance under its contracts.”