UpGuard has found that sensitive data from an intelligence command jointly managed by the U.S. Army and the National Security Agency leaked online and exposed virtual platforms and internal information used for classified communications.
Chris Vickery, director of cyber risk research at UpGuard, discovered on Sept. 27 the exposure of the Army Intelligence and Security Command‘s critical data, the cybersecurity company said Tuesday.
A bucket within Amazon Web Services' S3 cloud storage platform was configured for public online access and exposed 47 folders and files that include three downloadable items.
The downloadable files in the exposed bucket include sensitive data related to the Defense Department's cloud auxiliary tool called “Red Disk,“ DoD's intelligence platform for combat operations – Distributed Common Ground System-Army, as well as classified information with the “NOFORN“ label.
The data exposure at INSCOM came weeks after UpGuard discovered cloud leaks within the National Geospatial-Intelligence Agency, U.S. Pacific Command and the U.S. Central Command.
UpGuard called on DoD to have full visibility and oversight into its information technology infrastructure and data handling operations.