The sensitive information of thousands of Marine reservists and others was sent in an unencrypted email to the wrong distribution list, potentially putting many at risk of identity theft, officials said Thursday.
The email was sent Monday by the Defense Travel System, the organization servicemembers and some civilians use for government travel. It was erroneously addressed to several usmc.mil unclassified Marine domains, and to some civilian accounts.
The Marines are still investigating the extent of the breach of sensitive data.
"It was very quickly noticed and email recall procedures were implemented to reduce the number of accounts that received it," said Maj. Andrew Aranda, spokesman for Marine Forces Reserve.
However, once the information got outside the Marine domain, there was no telling how widely it may have circulated on the internet.
The data breach included social security numbers, bank routing numbers and the credit card information of at least 21,426 Marines, sailors and civilians.
The Marine Corps is taking steps to mitigate any potential identity theft spurring from the incident, Aranda said.
"We are still looking into the spread of the information after the initial email was sent, and while no malicious intent was involved, we still are going to notify all those affected and inform them of the appropriate steps to safeguard their identity and credit from illegal use," he said.