Hackers infiltrated the Pentagon food court's computer system, compromising the credit and debit card info of an unknown number of employees.
Lt. Col. Tom Crosson, a Defense Department spokesman, said on Tuesday that employees were notified that hackers may have stolen bank account information from people who paid for concessions with a credit or debit card.
"Within the past week, our Force Protection Agency has received numerous reports of fraudulent use of credit cards belonging to our personnel. These individuals had fraudulent charges to their account soon after they had legitimate transactions at the Pentagon," according to a copy of the notice to employees obtained by the Washington Examiner.
Crosson was unable to say how many people have been affected or over what time period, saying the Pentagon Force Protection Agency is investigating.
The investigation is still looking into which of the multiple food courts were hacked, Crosson said. Investigators are asking employees to report if they receive a fraudulent charge on their credit card within the last 120 days and within 48 hours of making a purchase at the Pentagon. More at the Washington Examiner
So, is the FTC now going to sue the Pentagon because they did not protect consumer information?
Usually the hackers get in with spear-phishing attacks using public facing email addresses. Which of your email addresses are exposed on the Internet and are a target for phishing attacks? You can get a one-time no-charge Email Exposure Check (EEC) sent to you if you want to know how big your email attack surface is: