New Zealand’s Chris Ogle probably thought he was getting a good deal when he plunked down a little bit of money (reports range from $9 to $18) to buy a used iPod from an Oklahoma thrift outlet…but when he hooked up the iPod, he found some 60 pages of U.S. military data, including information on soldiers who served in Iraq and Afghanistan, equipment deployment lists, and mission information. Some of the information included private details about U.S. military personnel; most of the data dates from 2005.
Although the information contained in the iPod seems unlikely to have any material impact on U.S. national security, the leak of confidential personal information highlights the tremulous nature of information security in the digital age…especially in large organizations and bureaucracies that routinely process data on hundreds of thousands of individuals.
Similar data breaches have involved flash drives still loaded with U.S. military information being sold outside the U.S. air base in Bagram, Afghanistan, in 2006. The Department of Defense banned the use of USB storage devices in November 2008 to prevent exactly those kinds of data breaches…as well as to prevent personnel from inadvertently infecting military equipment with worms, malware, or spyware. And the issue is not confined to the United States: last year, a UK labor agency shut down its Web site after a flash drive containing password information was found in a pub parking lot.
Ogle says he will turn the iPod over the U.S. military upon request.
[Update: Ogle has turned over the iPod to U.S. embassy officials in New Zealand, who also brought him a new iPod.]
