The drive contains everything from personnel files to security clearances and ongoing investigations

Mar 13, 2017 15:34 GMT  ·  By

US Air Force documents were left on an unsecured backup drive, exposing highly sensitive personnel files on over 4,000 senior and high-ranking officers. 

According to MacKeeper Security Researchers, the gigabytes of files were accessible to anyone because there was no password to protect the backup drive. It seems the information found there varied from names and addresses of officers, along with their ranks, to even Social Security numbers of over 4,000 officers.

Another file found on the same unprotected backup drive lists the security clearance levels of hundreds of officers, some with "top secret" clearance, which potentially makes them targets for those wanting to get their hands on such files.

Other spreadsheets contained contact information of staff and their spouses, along with private personal information and sensitive data.

Sensitive documents, free for everyone

The report indicates the drive belongs to a lieutenant colonel whose name was not published due to security reasons. Security researchers Bob Dianchenko notified the owner of the situation and the data was secured.

According to them, the most shocking document was a spreadsheet of open investigations which included the name, rank, location and a detailed description of the accusations. While some of the accusations were of discrimination, there were also some sexual harassment claims and others, even more serious.

"One example is an investigation into a Major General who is accused of accepting $50k a year from a sports commission that was supposedly funneled into the National Guard. There were many other details from investigations that neither the Air Force or those being investigated would want publically leaked," the report reads.

Another file contains Defense Information System instructions for encryption key recovery, which is a step-by-step on how to regain access to an encrypted key, complete with all the URLs where someone can request information regarding a Common Access Card and Public Key Infrastructure.

If you've watched any CSI-type show, you already know that this is a lot of information that bad actors can put to use to get to people holding top secret clearances, complete with enough information for blackmail.

It is unclear if anyone other than the MacKeeper Research Team had access to the files.