New Zealand Man Buys MP3 Player, Gets 60 Pages Of Sensitive U.S. Military Data

New Zealand's Chris Ogle probably thought it was his lucky day when he scored a used MP3 player cheap. But his luck soured when it turned out to be broken -- and loaded with 60 pages of <a href="http://arstechnica.com/security/news/2009/01/man-buys-used-ipod-gets-60-pages-of-sensitive-military-data.ars">U.S. military data and personally identifying information</a>.

Mitch Wagner, California Bureau Chief, Light Reading

January 27, 2009

3 Min Read

New Zealand's Chris Ogle probably thought it was his lucky day when he scored a used MP3 player cheap. But his luck soured when it turned out to be broken -- and loaded with 60 pages of U.S. military data and personally identifying information.It could have been worse. It could have been a video iPod, filled with the complete run of Dr. Phil.

Ars Technica has the story (although they incorrectly identify the device as an iPod):

The files Ogle found on the [MP3 player] contain the names and personal details of U.S. soldiers, including some who served in Afghanistan and Iraq. There are no details on exactly how many personal records are contained within the documents (most of which date back to 2005), but they do also have information on mission briefings and equipment deployment.

This incident is probably not the worst breach of military data in recent memory. About a year ago, a U.K. military recruitment officer's notebook containing over 600,000 personally identifying, unencrypted records was stolen from his car. In 2007, the U.S. military began clamping down on "milbloggers" who may have inadvertently been giving away too much information to the enemy by posting about day-to-day base operations on increasingly popular public blogs.

"Mr. Ogle said the MP3 had never worked as a music player and he would hand it over to the U.S. Defence Department if asked," according to abc.net.au.

"While the discovery may prove embarrassing to U.S. officials, the outdated files seem to be of little consequence to national security. However, personal information like Social Security and phone numbers could have put individual soldiers at risk for identity theft and personal harm," notes PC World, which adds that U.S. investigators in Afghanistan in 2006 bought stolen flash drives with military information outside Bagram base, a major U.S. military outpost, and the Defense Department later banned use of USB storage devices.

The Obama administration has ambitious plans for using IT to streamline American government, and improve communication with citizens. However, more powerful IT leads to greater vulnerability, unless better security precautions are included in the package.

Enterprises can take a lesson from this. It's the same lesson they can learn from any data breach. Enterprises need to routinely encrypt data on storage devices, be sure to wipe devices prior to selling or giving them away, and control employees putting sensitive data on their personal devices.

And Chris Ogle, who shelled out good money for an MP3 player filled with useless, dangerous data, can take a lesson from this, too: Maybe he should have bought a Zune.

Update, 5:20 pm: Initially, we incorrectly identified the device as an iPod, but it turns out to be some other variety of MP3 player, according to New Zealand's TVNZ. The video shows the device -- it's clearly not an iPod, although I can't identify the brand and model.

Thanks to @daveom, who Twitters from Auckland, New Zealand, for pointing out the error.

About the Author(s)

Mitch Wagner

Mitch Wagner

California Bureau Chief, Light Reading

Mitch Wagner is California bureau chief for Light Reading.

See more from Mitch Wagner
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

cybercrime abstract with two locks
Cyber Resilience
10 Cyber Incident Response Tips From Those Who've Had a Breach and Lived to Tell About It10 Cyber Incident Response Tips
bySara Peters
May 8, 2024
6 Min Read
DNA (deoxyribonucleic acid) strand, illustration.
Data Management
DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?
byRichard Pallardy
May 7, 2024
15 Min Read
Paul Nakasone, former director of the National Security Agency, and a former commander of US Cyber Command, speaks at the RSA Conference 2024.
Cyber Resilience
Four Horsemen of Cyber Reunite at the RSA ConferenceFour Horsemen of Cyber Reunite at the RSA Conference
byJoao-Pierre S. Ruth
May 9, 2024
6 Min Read
Technologist and author Bruce Schneier addresses the crowd at RSA Conference 2024 about the future impacts of AI on democracy.
Machine Learning & AI
Bruce Schneier: 5 Ways AI Could Shake Up DemocracyBruce Schneier: 5 Ways AI Could Shake Up Democracy
byShane Snider
May 8, 2024
6 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now