Was the information attained through a compromise of Marine Forces Reserve's cyber security?
There was no compromise from an external source nor malicious intent from an internal source. On the morning of February 26th, 2018, an unencrypted email with an attachment containing personally identifiable information was sent out erroneously to a distribution list of email addresses both within and outside of the usmc.mil domain.
Will Marine Forces Reserve offer to pay for credit monitoring services for those impacted by the spillage?
We are looking at all of the mitigation options available to us. We will keep our personnel informed as to what actions that are to be taken to protect their information.
What procedures failed that resulted in this spillage? Did someone fail to encrypt an email that contained the PII?
On the morning of February 26th, 2018, an unencrypted email with an attachment containing personally identifiable information was sent out erroneously to a distribution list of email addresses both within and outside of the usmc.mil domain. A review of our PII protection policies is underway and we will make any changes if required.
Did the spillage contain information of any family members of your personnel?
Some emergency contact information of our personnel was in the attachment, but we are not able to get into specifics. We will keep our personnel informed as to what information was in the spillage so they may best protect themselves.
How many people had their information compromised?
We are aware that 21,426 Marines, Sailors, and civilians were impacted.
How do you plan to inform the personnel whose information was released?
While there is no evidence to suggest personal data has been misused, it is the Department of the Navy policy to apprise individuals who may have had personal data compromised. Out of an abundance of caution we will be sending all 21,416 personnel a letter informing them of the spillage, along with the options that are available to them for identity theft protection.
How many .mil and .com email addresses did the email get sent to?
Only 272 .mil and 6 .com email addresses were sent the email. The email was sent only to people who work in the Marine Forces Reserve headquarters building here in New Orleans. Additionally, each .com addressee has been contacted by our cybersecurity division to ensure the email and its attachment were successfully deleted during the recall, or deleted manually. Since Monday, February 26, 2018 - a few minutes after the email was sent - we have worked meticulously to reduce any potential compromise of the information, and will continue to provide updates to our personnel so they may best protect their identities and credit details.
Does receiving a letter confirm that my information was in the spillage?
Yes. You received the email because your personally identifiable information was in the spillage. It is standard procedure to notify our personnel if/when this occurs. We have worked meticulously to reduce any potential compromise of the information, and will continue to provide updates to best protect your identities and credit details.
Are there any actions that I should take?
While there is no evidence to suggest personal data has been misused, it is the Department of the Navy policy to apprise individuals who may have had personal data compromised. We recommend you visit the Federal Trade Commission's website for guidance on protective action at:
https://www.consumer.ftc.gov/articles/0235-identity-theft-protection-services
We take this potential data compromise very seriously and continue to strive to protect and secure your PII. Should you have any questions or concerns, please review the DoD Privacy Office's frequently asked questions website located at:
http://dpcld.defense.gov/Privacy/About-the-Office/FAQs/