The personal information of US active-duty service members is widely advertised online and can be bought easily and cheaply, a recent study by Duke University has found.
The researchers said they took advantage of the vast data-broker ecosystem in the country, from major credit reporting agencies to mobile apps that illegally sell users’ location data.
More than 500 data broker websites reportedly advertised information about US soldiers, with some requiring a nondisclosure agreement before closing a deal.
According to the researchers, they successfully purchased sensitive data of about 50,000 US military personnel for as cheap as 12 cents per person.
Among the data they bought were names, phone numbers, addresses, marital status, names of children, net worth, and credit ratings.
The researchers warned that the information for sale could be used by foreign and malicious actors to stalk or blackmail active-duty service members and their families.
‘Sobering Wake-Up Call’
The result of the study has raised serious alarm concerning the cybersecurity of American troops, as some brokers offered records that could help a buyer determine where a soldier is currently stationed.
It also prompted fears that a lack of necessary regulations in the data brokerage sector may pose a major national security risk.
According to Senator Bill Cassidy of Louisiana, now is the right time to address the “gaping hole” in the protection of US service members, particularly in cyberspace.
Senator Ron Wyden of Oregon also said the findings are a “sobering wake-up call” to the country’s policymakers, cautioning that the data broker industry might already be getting out of hand.