Thousands of U.S. Air Force documents, including highly sensitive personnel files on high-ranking officers, were left exposed on an unsecured backup drive.
The files — including completed applications for national security clearance for two four-star generals — could have been accessed by anyone because the backup drive was connected to the internet without password protection, reported ZDNet.
The website reviewed the unprotected files and found they contained the names, addresses, ranks and Social Security numbers of more than 4,000 officers, and another file lists the security clearance levels for hundreds of officers.
The unprotected drive belongs to a lieutenant colonel, but ZDNet did not publish that officer’s name.
A Mackeeper security researcher notified the drive’s owner last week, and the data was secured.
The drive contained completed national security clearance forms filled out by two generals who each recently held top U.S. military and NATO positions — which national security experts told the website could be described as “holy grail” information for foreign spies.
Both generals, who have not been named, are now retired.
The clearance forms asks applicants to disclose past arrests, drug and alcohol issues, or mental health concerns, in addition to other potentially embarrassing personal information.
The unsecured data — which also included a list of officers under investigation for unsubstantiated claims of wrongdoing — offer a “blueprint” for blackmail, according to one former government official.
It’s not clear how long the backup drive was active or whether anyone besides the security researchers accessed the documents it contained.
A Department of Defense subcontractor, Potomac, was the source of another data disclosure last year, when the personnel files of physical and mental health support staff were accidentally leaked.