Lodi News-Sentinel

Pentagon, Microsoft investigat­ing leak of military emails

- Peter Martin, Dina Bass and Anna Edgerton

WASHINGTON — The Defense Department and Microsoft Corp. are investigat­ing an error that exposed at least a terabyte of military emails including personal informatio­n and conversati­ons between officials, people familiar with the matter said, an episode that highlighte­d the security risk of moving sensitive Pentagon data to the cloud.

The Pentagon’s Cyber Command has taken the lead on the investigat­ion with Microsoft, which operates the Azure cloud-computing service that stored the data. Informatio­n on a U.S. Special Operations Command server was accessible without a password, said the people, who asked not to be identified discussing informatio­n that hasn’t been publicly released.

Investigat­ors have no sign yet that the exposed data was accessed but were still working to assess the fallout from the leak, the people said. A US Cyber Command spokespers­on declined to comment but said defensive cyber operators scan and mitigate the networks they manage. The emails contained conversati­ons between Pentagon officials as well as completed SF-86 forms, which government employees are required to fill out to obtain security clearances, according to screenshot­s of the emails shared by Anurag Sen, an independen­t security researcher who discovered the leak. The incident was first reported Tuesday by TechCrunch.

The exposure may have resulted from a configurat­ion error with Microsoft’s server that left it publicly accessible, two of the people said. They had differing assessment­s on who was at fault, with one saying it was the fault of a Pentagon employee and another saying Microsoft was to blame.

The leak will draw new scrutiny to the Pentagon’s push to move much of its data over to commercial cloud-computing. On Feb. 15, the Pentagon inspector general issued a report saying agency staff “may be unaware of vulnerabil­ities and cybersecur­ity risks” linked to storing data in the cloud.

The leak may also complicate Microsoft’s bids for future government contracts. Microsoft is one of four companies, along with Alphabet Inc., Oracle Corp., and Amazon.com Inc., that the Pentagon selected to compete for orders under a potential $9 billion cloud-computing contract. Microsoft initially won an earlier contract worth $10 billion but that was canceled after a legal challenge from Amazon. Micorsoft was dealt a blow last month after Congress rejected the Army’s request for $400 million to buy as many as 6,900 of Microsoft’s combat goggles, which were found to cause headaches, eyestrain and nausea.

Newspapers in English

Newspapers from United States