Names, addresses, emails and technical information belonging to 98,000 U.S. military personnel stationed in Europe held by an on-base cell phone concessionaire have potentially been compromised, according to the Army and Air Force Exchange. "The Exchange learned on February 11 of a data breach of customer information held by concessionaire SIGA Telecom," AAFES spokesman Chris Ward said in an email Friday. AAFES referred questions about the nature of the data breach to SIGA. SIGA officials did not immediately provide a comment on Friday. "There was no financial information released," Ward said. "To date, there is no evidence of fraudulent use of the information." After the data breach was discovered SIGA immediately took systems offline, began an investigation and informed German authorities in an effort to find and prosecute the person responsible, Ward said. "The investigation is ongoing." SIGA notified the holders of 27,500 active accounts of the data breach on March 5, he said.
Exchange representatives have met with SIGA executives to review details of the breach and confer on remedial actions, Ward said. AAFES has ordered SIGA to notify its customers, set up telephone information line, develop a remediation plan and re-evaluate its security within 90 days, he said.