Booz Allen Hamilton, one of America's top defence contractors, is facing concerns over its security practices after sensitive Pentagon files were found on an Amazon server with no password protection. The files -- marked as "sensitive, but unclassified" -- were discovered by UpGuard, a cyber-resilience firm. The files discussed work for the U.S. National Geospatial-Intelligence Agency and contained various credentials, including those of a Booz Allen senior engineer.
On Tuesday, Missouri Senator Claire McCaskill aired her concerns about the security protocols at the company in a letter. McCaskill, the top-ranking Democrat on the Senate Homeland Security and Governmental Affairs Committee, says part of her concern is due to two high-profile security breaches from Booz Allen within the past few years, including the one carried out by Edward Snowden, a former employee of the contractor.
Now, says McCaskill, the most recent incident has raised "serious questions about the security protocols that [Booz Allen] has in place to prevent these types of occurrences." She further expressed her hope that this inquiry will help answer questions as to what Booz Allen was doing to "end this pattern." She stressed that it is "of vital importance that no one can gain unauthorized access to national security information," but that Booz Allen Hamilton still put "sensitive information out there for the world to see."
Booz Allen, an organization once called one of the most profitable spy operations in the world, came out with its own statement, noting that no classified data was leaked.
"No classified data was available on the affected unclassified cloud environments, and no usernames and passwords in that environment could have been used to access classified information," the statement said.
"As soon as we learned of this matter, we took action to secure the impacted area, alerted our client and began an investigation."