A DOD contractor’s API flaw exposed military course data and service member records

SITREP: A flaw in the API of Schemata, a Department of Defense contractor, resulted in the exposure of sensitive military course data and personal information of service members, including names, emails, and base assignments. The issue has since been patched following notification to government authorities. TACTICAL ASSESSMENT: This incident highlights vulnerabilities in contractor systems that handle sensitive military data, raising concerns about the security protocols in place. The exposure of personal information could lead to targeted threats against service members and undermine operational security. PROJECTED VECTORS: Future incidents may prompt increased scrutiny and regulatory measures for contractors handling sensitive military information.