A report backed by the U.S. Military Academy at West Point unveils a disquieting security vulnerability for active-duty U.S. military personnel. Their sensitive personal data, including financial and health records, is being harvested and sold to global entities, potentially exposing them to blackmail and other security threats.
Politico reports that Major Jessica Dawson of the Army Cyber Institute at West Point, who initiated the research, expressed concerns about the targeted risks this situation presents to servicemembers.
The study, conducted by Duke University researchers, found that data brokers are selling detailed information that could be used by adversaries to exploit personnel vulnerabilities.
“It’s really a case of being able to target people based on specific vulnerabilities,” said Maj. Jessica Dawson.
“Cheating on your spouse, financial issues, mental health concerns, all of those things can get your security clearances revoked. Those things are all in the data. It just takes the right combination of content and attackers to start trying to exploit that information,” added Dawson.
These brokers compile extensive digital records from public and private sources, creating profiles that are sold without scrutiny. Researchers posing as buyers from the U.S. and Singapore successfully purchased data on approximately 30,000 active-duty members and 5,000 relatives, revealing a stark reality: servicemembers' data is alarmingly accessible.
“If researchers are able to purchase this, acting in ethical ways, subject to university ethics processes, it would be very easy for a foreign adversary to do so,” said Justin Sherman, a Duke researcher in charge of the project. “The Russian intelligence services don’t have a ban on deception.”
The report stirred reactions from military officials, legislators and privacy experts, who are now calling for tighter regulations on data brokers. Despite existing laws like the Gramm-Leach-Bliley Act, the military-specific risks have spurred lawmakers to consider additional safeguards.
Sen. Ron Wyden and Sen. Bill Cassidy have each proposed measures to address this security lapse, highlighting the urgency for legislative action. Regulatory bodies such as the Consumer Financial Protection Bureau and the Federal Trade Commission are also taking notice, with the CFPB initiating a rulemaking process to limit credit report data access.
“This report further solidifies the need to address this gaping hole in the protection of U.S. servicemembers,” said Cassidy, who reviewed the report, and introduced a bill to prohibit data brokers from selling information of military service members.