In October 2016, Hewlett-Packard Enterprise (HPE) experienced a significant data breach involving a compromised laptop belonging to an employee working on a U.S. Navy contract. The breach exposed sensitive information from the **Career Waypoints (C-WAY) database**, a system used by sailors to manage reenlistment requests and Navy Occupational Specialty details. The leaked data included **personal information of 134,386 current and former U.S. Navy sailors**, such as **names and Social Security numbers (SSNs)**. The incident stemmed from unauthorized access to the employee’s laptop, which contained unencrypted C-WAY records. While the exact method of compromise was not disclosed, the exposure of such highly sensitive military personnel data posed severe risks, including **identity theft, targeted phishing, and potential national security concerns**. The U.S. Navy, alongside HPE, launched an investigation, but the breach underscored critical vulnerabilities in **third-party contractor security protocols** and the handling of classified or personally identifiable information (PII). The fallout included **reputational damage to HPE**, heightened scrutiny over defense contractor cybersecurity practices, and mandatory credit monitoring for affected sailors. The breach also prompted reviews of **data encryption standards** and access controls for systems managing military personnel records.
Source: https://threatspan.com/2017/12/29/top-11-maritime-security-compromises-of-all-time/
TPRM report: https://www.rankiteo.com/company/hewlett-packard-enterprise
"id": "hew513092125",
"linkid": "hewlett-packard-enterprise",
"type": "Breach",
"date": "10/2016",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '134,386 sailors (current and '
'former)',
'industry': 'defense',
'location': 'United States',
'name': 'U.S. Navy',
'type': 'government/military'},
{'industry': 'information technology',
'location': 'United States',
'name': 'Hewlett-Packard Enterprise (HPE)',
'type': 'private corporation'}],
'data_breach': {'data_exfiltration': 'yes',
'number_of_records_exposed': '134,386',
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'high (includes Social Security '
'numbers)',
'type_of_data_compromised': ['personal identifiable '
'information (PII)',
'military occupational data']},
'date_detected': '2016-10',
'description': 'In October 2016, the US Navy and Hewlett-Packard Enterprise '
'were involved in a data breach. The breach involved a '
'compromised laptop belonging to a Hewlett Packard Enterprise '
'Services employee working on a U.S. Navy contract. '
'Unauthorized individuals accessed sensitive information on '
'current and former sailors, including data from the Career '
'Waypoints (C-WAY) database, which contains reenlistment '
'requests and Navy Occupational Specialty details. The breach '
'resulted in the leak of personal data, including names and '
'Social Security numbers of 134,386 U.S. Navy sailors.',
'impact': {'brand_reputation_impact': 'potential reputational damage to U.S. '
'Navy and Hewlett-Packard Enterprise',
'data_compromised': ['names', 'Social Security numbers'],
'identity_theft_risk': 'high (due to exposed SSNs)',
'systems_affected': ['Career Waypoints (C-WAY) database']},
'initial_access_broker': {'entry_point': 'compromised laptop',
'high_value_targets': ['Career Waypoints (C-WAY) '
'database']},
'title': '2016 U.S. Navy and Hewlett-Packard Enterprise Data Breach',
'type': 'data breach',
'vulnerability_exploited': 'compromised laptop (physical or logical access)'}