Thousands of U.S. troops in South Korea may have had their credit card information stolen in a massive hack.
Information from one million credit cards, including at least 38,000 U.S.-issued cards, was stolen and posted for sale on the dark web in late May, Eighth Army-Korea warned in a Facebook post this week.
“Among the potentially compromised organizations was an unnamed credit union which provided services at U.S. Air Force bases in South Korea,” the post read.
The Army’s Major Cybercrime Unit-Korea determined with “medium confidence” that American service members were likely hacked, given the large U.S. military presence in South Korea. The Army advised troops who believe they could have been compromised to contact the three national credit bureaus to put a “fraud alert” on their reports.
Approximately 23,000 U.S. troops are stationed in South Korea. The Eighth Army, based at Camp Humphreys just south of the capital of Seoul, commands all U.S. Army forces in the country.
While it is unclear who is responsible for the hack, troops have been preyed on by cybercriminals and foreign countries before. Russia targeted the smartphones of at least 4,000 NATO troops, including Americans, in Eastern Europe in 2017 in an attempt to gather information on force strength. An unknown actor hacked the travel records of as many as 30,000 Department of Defense workers in 2018, compromising the personal and credit card information of troops and civilian employees.
The military has made significant efforts to not only improve its own cyber capabilities but to teach service members how to secure their own data. “Cyber hygiene” courses that tell troops how to protect their personal information have been part of Marine Corps basic training for years. The Army crafted a new cyber strategy in 2016 that puts an emphasis on good cyber habits across the entire workforce. The Navy has taken it a step further, announcing in May that it was exploring options to punish those who do not practice good cyber hygiene on a daily basis.
