It is “not difficult” to obtain the sensitive, personal information of American military service members, and brokers are selling such data on the open market, creating a risk to U.S. national security, a new report from Duke University says.
Researchers at the university’s Sanford School of Public Policy easily bought the sensitive information of American active-duty service members and of veterans for up to $0.32 from various .org and .asia websites.
The data includes nonpublic information about health, finances and religious practices, according to the study.
Researchers said data brokers fail to use best practices on determining the identity of people, can sell data to third-party data brokers who can then sell to foreign countries and that “these inconsistent practices are highly unregulated by the U.S. government.”
The ability to exploit such data poses a serious risk to national security, allowing bad actors to blackmail or damage a service member’s reputation.
“An industry that builds and sells detailed profiles on Americans could be exploited by hostile actors to target military servicemembers and veterans, as a subset of the U.S. population,” they wrote, noting that foreign governments could also hack the collected data from brokers. “Many veterans often still know currently classified information, even if they are no longer active-duty members of the military.”
Data brokers, operating in a multibillion-dollar industry, collect detailed personal information on nearly every American in the country to sell and share with other companies.
Some data brokers include well-known credit reporting agencies such as Equifax, Experian and TransUnion, but also tech companies such as Oracle and smaller, private firms.
The information they mine can be incredibly detailed, such as a person’s political beliefs, lifestyle habits and health conditions.
Duke University researchers first raised questions about the potential for exploitation of U.S. military service members in 2021, but the study released this month involved 12 months of effort to determine how widespread the issue was.
Researchers first scraped data broker websites and found thousands of hits for the words “military” and “veteran.” They later contacted 12 U.S. data brokers to purchase information about individual service members, and multiple brokers handed them back hundreds of results.
Ultimately, they were able to buy datasets that included detailed information about thousands of service members.
The study’s authors recommended the Pentagon work to exert greater control over service member data when working with contracts, for Congress to introduce legislation that reins in the data brokerage ecosystem and for regulatory agencies to tighten policies and enforcement.
“There are a number of risks to U.S. national security that have gone unaddressed in current law, policy, regulation, and technology,” researchers wrote. “Until there are changes in the way this data is gathered, shared, analyzed, licensed, and sold, these risks will persist.”