A US Marine unit mistakenly shared an unencrypted email that included bank details and other personal information that risked identifying personnel of about 39,000 American marines, sailors and other civilian defence staff.
An investigation has been launched after the email, which included personal information of personnel and staff mostly assigned to the I Marine Expeditionary Force (I MEF), was said to have been sent to about 250 email addresses from the Combat Logistics Regiment 17, 1st Marine Logistics Group, with recipients later asked to delete the message.
A spokesman for I MEF confirmed that the email was sent to Defense Travel System travel administrators who should only have had access to the data within their individual units, adding that the email contained Personally Identifiable Information (PII) belonging to about 39,000 personnel, mostly within I MEF, comprised of marines, sailors, and US Department of Defense civilians.
The spokesman said that, at this time, there was no indication that any PII had gone outside of official government channels, adding: "1st MLG is proactively reaching out to individuals who may have been affected by this incident."
The email is reported to have included variations of personal information such as full names, the last four digits of social security numbers, email addresses, residential and mailing addresses, personal phone numbers, the last six digits of government travel card numbers and expiration dates, and savings account numbers among other details.
The spokesman added that the unit was providing individuals affected with "relevant information, guidance, and resources out of an abundance of caution and because we take safeguarding our Marines' personal information very seriously."
He added: "Additionally, a help desk with a phone number and email has been established to answer questions and concerns they may have."
The incident happened on 9 May, and was discovered on 12 May, 2023. It is currently under investigation by the command.