Military data leak

DOD CIO Readies New Cloud Security Policies Following Microsoft Server Exposure

John Sherman, chief information officer of the Department of Defense and a 2023 Wash100 awardee, could issue new cloud security measures after Microsoft Azure-hosted emails containing sensitive military data were found to have been publicly accessible online for two weeks.

Cmdr. Jessica McNulty, a DOD spokesperson, emailed DefenseScoop Thursday revealing that the server containing the exposed information was taken down on Feb. 20 and that the U.S. Cyber Command and the Joint Forces Headquarters-DOD Information Network are studying the leak’s cause and impact.

She said Microsoft and affected Pentagon components are cooperating with the investigation and that Sherman is expected to amend security measures based on the findings and recommendations, DefenseScoop reported Friday.

The exposure was identified earlier in February by Anurag Sen, an independent security researcher. The affected server was found to lack a password, making it accessible to anyone that knows its internet protocol address.

Leaked data potentially includes emails related to the U.S. Special Operations Command with many containing personal information belonging to individuals that have applied for high-security clearances.

The news comes after the release of a Government Accountability Office report urging the DOD to reform its cyber incident reporting practices. GAO recommended that the defense agency document when it notifies individuals about leaks of their personally identifiable information.