Autoclerk database breached data of US military employees

23.10.2019

Back to news

Autoclerk database containing more than 179GB of data belonging to thousands of travellers who use such platforms as OpenTravel, HAPI Cloud, and Synxis. US military employees appeared to be among those whose personal details were compromised.

The unprotected database exposing names, dates of birth, home addresses, phone numbers, travel dates and costs, and credit card details, was stored by Elasticsearch service.

The information was discovered online by researchers in September. As people can be affected by potential phishing threats, government employees can experience a bigger impact. The US military’s contractor, the database of which was publicly available together with other exposed details, assists with arranging trips for military staff members and, according to the vpnMentor researchers, manages “independent contractors working with American defense and security agencies”.

Personally identifying information (PII) was uncovered as well as US army generals’ travel destinations. Third-party contractors are motivated by the government to promptly check their protocols against the requirements.