INSUBCONTINENT EXCLUSIVE:
Image copyrightGetty ImagesImage caption
Information about where serving soldiers were staying was easily accessible,
researchers say
The travel details of large numbers of US government and military personnel have been exposed in a data
leak, a security company says.VPNMentor said 179GB of data had been accessible on an unsecured cloud server run by a travel services
company.The AutoClerk database had contained sensitive information about serving soldiers and civilians, it saidThe data had now been locked
down, after the US Department of Defense had intervened, VPNMentor said.The information exposed had included full names, birth dates,
addresses, phone numbers and travel itinerary details, including details of flights to sensitive locations such as Moscow and Tel Aviv as
well as arrival times at hotels and, in some cases, room numbers, VPNMentor said.Payment card numbers had been included but obscured with
standard security systems.Researchers Noam Rotem and Ran Locar said they had found the exposed database, which provided an "invaluable
insight into the operations and activities of the US government and military personnel", while carrying out a large-scale web scanning and
"For the US government, alarm bells should be ringing," said Mr Rotem and Mr Locar
Data on more than 100,000 other trips, booked by civilians, had also been exposed, they said
VPNMentor said it had notified AutoClerk about the data it had found but received no response.It had also contacted the US Computer
Emergency Response Team and the US Department of Defense with its findings.And soon after officials at the Pentagon had been notified,
access to the database had been locked.Neither AutoClerk, which handles itinerary and booking data for several hotel chains and other travel
companies, nor parent company Best Western have responded to a TheIndianSubcontinent News request for comment.The data leak is the latest in
a series to hit travel companies.Choice Hotels, Intercontinental, Radisson, Chinese hotel chain Huazhu, Hyatt, Hilton, Teletext Holidays and
many others have all lost data or been hit by hackers.In July, the UK's information commissioner announced an intention to fine hotel
