The Web site, which the Navy has not identified, contained five spreadsheet files with personal information, including Social Security numbers, on Navy members and dependents.
The Navy said it discovered earlier this week that personal data – including Social Security numbers and birthdates – on 28,000 service members and their family members had been published on a civilian Web site.
A Navy Personnel Command spokesman said the information, contained in five spreadsheet files, has been removed from the civilian Web site.
The spokesman declined to identify the Web site because of an ongoing investigation. But he said it was not a Web log or site operated by an individual.
The Navy said in a statement that it first became aware of the exposure of the personal information June 22 in a report by the Joint Task Force-Global Network Operations the Navy Cyber Defense Operations Command, part of the Naval Network Warfare Command (Netwarcom).
The Navy Personnel Command said it is working with Netwarcom, the Naval Criminal Investigative Service and other commands to determine when and how someone published the information. They will also try to prevent similar occurrences in the future.
Navy employees can call the service’s Personnel Command call center around-the-clock this weekend. The command also plans to contact individuals whose personal information was exposed.
Affected service members potentially face a dual privacy threat if their personal information was also in a batch of Social Security numbers contained in a stolen Department of Veterans Affairs database. A thief stole the records of 26.5 million veterans and potentially more than 1 million active-duty personnel from the home of a VA employee last month.
“Once again, we face the prospect that sensitive information on active duty military personnel has possibly been compromised,” Rep. Tom Davis (R-Va.) chairman of the House Government Reform Committee.
This episode serves as a reminder that federal agencies must take every caution to ensure the safety of sensitive personal information, Davis added.
It appears the Navy took quick action to get the data removed from the Web site and will soon contact the affected individuals, Davis said. “I applaud them for their response,” he said.
The Navy said it has found no evidence that someone has used the data illegally. The service encouraged its members to carefully monitor their bank accounts, credit card accounts and other financial transactions.
NEXT STORY: Hacker might have breached personal data at USDA