New Zealander discovers US military data on MP3 player

Wednesday, January 28, 2009

The more I look at it, the more I see and the less I think I should be looking.

—Chris Ogle on TVNZ's ONE

A man from New Zealand has found data belonging to the United States Armed Forces on a used MP3 player. Chris Ogle was shopping at a thrift store in Oklahoma when he bought the player for $9. Upon returning home to Whangarei and connecting it to his computer, he discovered files listing data about US soldiers serving in Afghanistan and Iraq.

Among the data is lists of Social Security numbers, as well as mission briefings and a list of pregnant soldiers. Most of the data is from 2005, and it does not appear its exposure will have a major impact on US national security. As with any major data breach, however, there is a chance for identity theft of the persons whose information is contained on the player. Ogle has stated he will return the files if he is asked to by US officials. Neither the US embassy in Wellington nor the military had any comment for reporters.

The US government has been hit by several high-profile data breaches and worm infections in the last few years. In 2006, investigators had to buy back USB flash drives — containing sensitive information — that had been stolen from a military base in Bagram. The United States Department of Defence banned flash drives in 2008 after malware infected computers there. Also in 2008, John McCain's presidential campaign accidentally sold a BlackBerry, which held sensitive data about the campaign, to a reporter.