A new report finds U.S. military data is being sold online.
The information is cheap and granular, says Duke University fellow Justin Sherman, raising concerns that a foreign adversary or malicious actor could take advantage of the security gap.
"It's basically like a build-your-own-pizza menu," says Sherman. He is part of a research team that uncovered a vulnerability in an unregulated data broker industry: that it is easy and cheap to purchase private data on active-duty military officers and veterans.
The revelation raises concerns about how foreign governments could exploit service members, veterans and their families.
"The data we bought was as cheap as $0.12 a service member," Sherman told Scripps News, in his first sit-down interview since the report was released.
It comes after Gen. Charles Brown, now chairman of the Joint Chiefs of Staff, warned in a September letter that China is "targeting and recruiting U.S. and NATO trained military talent."
As they began to engage in negotiations with data brokers for their research, the Duke University team bought burner phones, used wiped laptops, and turned to virtual private networks to minimize data tracking on themselves.
"We were able to buy virtually identical data through our Asia website, as we did with our U.S. website," Sherman said. "If we as researchers can go and get this data, there is no way that a foreign adversary would have any trouble getting access to it."
He says they obtained highly detailed datasets, including records that listed specific security agencies, and the "U.S. Navy Dept Naval Shipyard, Pentagon Force Protection Agency or Defense Advanced Research."
"The data we purchased, and that's out there for sale, is quite granular: which specific health conditions a service member has, how much debt they're in, and what their credit score is. Even the number of children in their home and all of that is individually linked to them by name," said Sherman.
He says every single member of the military has likely had their private data collected by data brokers.
Following this report, Sen. Wyden, a Senate Intelligence Committee member, told Scripps News, "The researchers' findings should be a sobering wake-up call for policy makers — as I have been warning for years, consumer privacy is a national security issue." He says the U.S. shouldn't focus on banning TikTok, which he calls an "ineffective Band-Aid." He says the country needs a more comprehensive solution to protect Americans' data from unfriendly nations.