Social Security numbers stolen in defense agency data breach

The hack targeted a system run by the Defense Information Systems Agency.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read

A data breach hit DISA, a US defense agency responsible for securing IT for combat missions and the White House, a spokesman confirmed Thursday.

Graphic by Pixabay/Illustration by CNET

An agency under the US Department of Defense was hit by a data breach that affected personal information. Hackers stole Social Security numbers, names and other personal data, a department spokesman said Thursday.

The Defense Information Systems Agency, or DISA, is responsible for providing IT support to combat missions, in addition to securing White House communications, according to the agency's website.

Department of Defense spokesperson Charles Prichard confirmed Thursday the agency had detected a breach of personally identifiable information on a system it hosts, and was in the process of notifying those affected by letter. The breach affected people associated with the Defense Department. They will also receive a follow-up letter with more information about how the agency will help them respond to the incident. That'll include free credit-monitoring services for everyone involved, he said.

"DISA has conducted a thorough investigation of this incident and taken appropriate measures to secure the network," Prichard said. 

The breach occurred between May and July 2019, according to Reuters, which reported the story earlier Thursday. Other major data breaches that exposed Social Security numbers include the hack of the US Office of Personnel Management in 2015 and the attack on Equifax in 2017. Stolen Social Security numbers create a risk of identity theft.

Prichard said DISA has no evidence the stolen information has been misused, but security experts note that it's very difficult to track how a specific data breach leads to later crimes.

With a stolen Social Security number, criminals may open new lines of credit, or use it to claim government benefits and tax refunds, among other things. The FTC and the Identity Theft Resource Center both provide advice on how to respond if you're affected by a data breach that includes your Social Security number or other sensitive information.

Originally published Feb. 20, 12:30 p.m. PT.
Update, 2:01 p.m.: Adds information about the breached data and who it belonged to.