The Department of Defense and Microsoft Corp. are looking into an incident that made the emails of military personnel, along with personal information and conversations between officials, visible to the public. This occurrence has put a spotlight on the security of shifting sensitive Pentagon information to the cloud. People who know the matter have reported exposure to at least a terabyte of emails.

The Pentagon’s Cyber Command is spearheading the inquiry with Microsoft, the organization that runs the Azure cloud computing service where the data was stored. According to individuals who asked to remain anonymous because the information had not been made public yet, no password was required to access the U.S. Special Operations Command server.

According to investigators, no indication has yet been found that the divulged data was accessed. However, they are still attempting to evaluate the leak’s consequences, as the people noted. A US Cyber Command speaker refused to make any remarks but noted that defensive cyber operators inspect and reduce the impact on networks they manage.

(Source: Marco Verch Professional Photographer/Flickr)

In the initial phases of assessing the allegations of emails being exposed, Sabrina Singh, a spokeswoman at the Pentagon, declared to the press that “it is not our policy to comment on the safety of our systems.”

An independent security researcher, Anurag Sen, discovered the leak and shared screenshots of the emails, which contained conversations between Pentagon officials and had already filled-out SF-86 forms, which are mandated to be filled out by federal employees to receive security clearances. This incident was reported earlier Tuesday by TechCrunch.

The people familiar with the matter had differing opinions on what caused the exposure, with one indicating a configuration error by Microsoft’s server, leaving it open to the public. At the same time, the other said a Pentagon employee was responsible.

Cloud Computing
Cloud Computing (Source: FutUndBeidl/Flickr)

The Pentagon’s effort to shift its data into commercial cloud computing will likely come under closer observation following the revelation of the leak. On Feb. 15, the Pentagon Inspector General released a report claiming that the agency’s personnel may need to be cognizant of the potential security vulnerabilities and risks associated with storing data in the cloud.

The breach may be complex as Microsoft attempts to obtain future contracts from the government. It is one of four businesses, including Alphabet Inc., Oracle Corp., and Inc., chosen by the Pentagon to contend for orders under a possible $9 billion cloud-computing contract. Microsoft had initially been awarded an earlier contract worth $10 billion; however, that was revoked after a legal challenge by Amazon.