Pentagon - Defense Department travel
records suffered a data breach that compromised the PI and
credit card data of U.S. military and civilian personnel.
- Read on
securityaffairs.co/wordpress/77097/data-breach/pentagon-travel-records-data-breach.html
Twenty some odd years ago I worked on a proposal team to win this very contract. As a security practitioner in the 90's, the level of security that the DoD wanted was refreshing. This was the first example of a potential client understanding the risk of metadata - that someone could potentially deduce what the DoD planned by watching non-military travel records without necessarily having access to the detail.
No one was thinking specifically about payment or personal information. It was probably assumed that other threat scenarios would cover this data, but my recollection is hazy at best.
By the way, my employer and deal partners did not win the contract.
Also on: