WASHINGTON–The U.S. Department of Defense is warning that a data breach has exposed travel records for at least 30,000 military personnel.
The DoD said it identified the breach on Oct. 4, but some analysts believe it may have gone on for months.
“The department is continuing to gather additional information about the incident, which involves the potential compromise of personally identifiable information of DoD personnel maintained by a single commercial vendor that provided travel management services to the department," the DoD said. "This vendor was performing a small percentage of the overall travel management services of DOD."
The breach involves the exposure of at least some personal information and payment card data being revealed.
The Pentagon says its leadership was informed about the breach on Oct. 4 by one of the department's cybersecurity teams. AP reports that the breach may have begun months prior.
The Pentagon has declined to name the vendor involved, saying only it has “taken steps to have the vendor cease performance under its contracts."
The Defense Department says it has begun directly notifying all breach victims and is offering the victims prepaid identity theft monitoring services.