Data on active US military personnel offered by data brokers.

Sensitive personal information belonging to thousands of active-duty US military personnel can be purchased for as little as twelve cents per record from online data brokers, researchers at Duke University have found. The information includes health data, financial data, location data, information about religious practices, and more. 

Dossiers for suitable for espionage targeting.

The researchers note that the availability of such data poses national security risks, though the data brokerage industry remains largely unregulated in the US: “In short, an industry that builds and sells detailed profiles on Americans could be exploited by hostile actors to target military servicemembers and veterans, as a subset of the U.S. population. Many veterans often still know currently classified information, even if they are no longer active-duty members of the military.”

Justin Sherman, a senior fellow at Duke’s Sanford School of Public Policy, told CNN, “It was way too easy to obtain this data: a simple domain, 12 cents a service member, and no background checks on our purchases. If our research team, subject to university research ethics and privacy processes, could do this in an academic study, a foreign adversary could get data in a heartbeat to profile, blackmail, or target military personnel.”

Deplorable, sure, but to be expected.

Espionage is a concern, but so is simple criminal targeting. Collecting personal data serves both intelligence and criminal purposes. Erich Kron, security awareness advocate at KnowBe4, emailed, “While this is concerning, it's also not completely unexpected after these significant breaches suffered by OPM, medical facilities, healthcare providers, and other organizations. This could potentially open the individuals, whose information has been leaked, to threats or make them targets for nation states. Depending on the actual information that has been leaked, it might be possible to surmise if some of these victims have, or had, access to classified systems or information or other threat intelligence that might be useful for our adversaries.”