UpGuard has found that sensitive data from an intelligence command jointly managed by the U.S. Army and the National Security Agency leaked online and exposed virtual platforms and internal information used for classified communications.
Chris Vickery, director of cyber risk research at UpGuard, discovered on Sept. 27 the exposure of theÂ Army Intelligence and Security Command‘s critical data,Â the cybersecurity company said Tuesday.
A bucket within Amazon Web Servicesâ€™ S3 cloud storage platform was configured for public online access and exposed 47 folders and files that include three downloadable items.
The downloadable files in the exposed bucket include sensitive data related to the Defense Departmentâ€™s cloud auxiliary tool called â€œRed Disk,â€ DoDâ€™s intelligence platform for combat operations – Distributed Common Ground System-Army, as well as classified information with the â€œNOFORNâ€ label.
The data exposure at INSCOM came weeks after UpGuard discovered cloud leaks within the National Geospatial-Intelligence Agency, U.S. Pacific Command and the U.S. Central Command.
UpGuard called on DoD to have full visibility and oversight into its information technology infrastructure and data handling operations.