A simple typographical error in the Pentagon’s email system has raised serious security concerns after millions of sensitive U.S. military emails were inadvertently sent to Mali instead of their intended destination, according to a report by the Financial Times.
The messages, which were originally meant for the U.S. military domain “.MIL,” were mistakenly routed to Mali’s domain “.ML” due to the typographical error. A Pentagon spokesperson confirmed the incident in a statement to Fox News.
Among the misdirected emails was one containing travel plans for Army Chief of Staff General James McConville, as reported by the Daily Mail.
While the leaked material was unclassified, it contained sensitive information such as diplomatic documents, tax returns, passwords, and travel details of high-ranking military officials. The exposure of this data raises concerns about potential exploitation by adversaries.
The wrongly directed emails included official travel itineraries and bookings, posing a risk to the safety of U.S. officials traveling abroad if the information falls into the wrong hands.
Retired Admiral Mike Rogers, former commander of U.S. Cyber Command and director of the National Security Agency, emphasized that even unclassified information can be used to generate intelligence when there is sustained access, as he told the Financial Times.
The incident is particularly alarming considering the Pentagon’s typically stringent communication procedures.
Dutch entrepreneur Johannes Zuurbier, who has managed Mali’s domain for the past decade, inadvertently received over 117,000 Pentagon emails this year. Concerns arise as Zuurbier’s contract is set to expire, potentially leading to control of Mali’s domain reverting to the country’s government. Given Mali’s close ties with Russia, this development raises additional worries, as reported by Fortune.
This significant oversight comes in the wake of a series of high-profile cyberattacks on the U.S., including recent attacks by China-based hackers targeting U.S. government emails through a Microsoft cloud system. Microsoft is actively investigating the incident, while the Biden administration has pledged to impose consequences on those responsible for such breaches.