The Pentagon is investigating how a trove of internal US Special Operations Command emails was apparently exposed publicly online and leaked unclassified data for nearly two weeks without the military’s knowledge, a Pentagon spokesperson told CNN.
The Department of Defense’s chief information officer and the US military’s Cyber Command are investigating the root cause of the incident and “why this problem was not detected sooner,” US Navy Commander Jessica McNulty, a Pentagon spokesperson, told CNN Thursday night.
The investigation follows an independent cybersecurity researcher’s discovery of three terabytes of Department of Defense unclassified emails sitting on the public internet, apparently due to a misconfiguration of a computer server and dating to February 8. That amount is equivalent to dozens of standard smart phones’ storage.
CNN reported earlier this week that the military had launched a probe into the researcher’s report.
Samples of the emails that the researcher, Anurag Sen, shared with CNN dated back years and included standard information about US military contracts and requests by Department of Defense employees to have their paperwork processed.
It is not uncommon for large organizations to inadvertently expose internal data to the internet, but the fact that this was a Department of Defense email server will give US officials cause for concern.
Special Operations Command is an elite Pentagon command responsible for counterterrorism and hostage rescue missions around the globe.
The involvement of Cyber Command in the investigation underscores the greater prominence it has taken in securing the US military’s sprawling set of computer networks in recent years. More than a decade since its formation, the command has taken on a bigger role in hacking cybercriminal networks and foreign governments, but also in helping with defense of military computer networks.