The **National Personnel Records Center (NPRC)**, a division of the **National Archives and Records Administration (NARA)**, inadvertently disclosed the **unredacted military personnel file** of **Rep. Mikie Sherrill (D-NJ)**, including her **Social Security number (SSN), date of birth, and other sensitive personal data**, to an unauthorized **FOIA requester**—**Nicolas de Gregorio**, a former Republican candidate. The breach occurred in **June 2024** when a technician failed to follow **standard operating procedures**, releasing the **full record** instead of only publicly available information. The NPRC acknowledged the error, offered **credit monitoring** to Sherrill, and requested the recipient not disseminate the data. The incident sparked outrage among **top Democrats**, including **Hakeem Jeffries** and **Adam Smith**, who called for a **criminal investigation** into the **unlawful disclosure**. This breach follows similar past incidents, such as the **2021–2022 illegal release of military records** belonging to **Rep. Don Bacon (R-NE)** and **Zach Nunn (R-IA)** to the **Democratic Congressional Campaign Committee**. The case highlights systemic vulnerabilities in **FOIA processing** and **veterans' data protection**, prompting calls for **policy reviews, staff retraining, and stricter safeguards** to prevent future privacy violations.
TPRM report: https://www.rankiteo.com/company/usnatarchives
"id": "usn5262452092625",
"linkid": "usnatarchives",
"type": "Breach",
"date": "6/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Government/Politics',
'location': 'Randolph, NJ, USA',
'name': 'Rep. Mikie Sherrill (D-NJ)',
'type': 'Individual (U.S. Congresswoman, Veteran, NJ '
'Gubernatorial Candidate)'},
{'customers_affected': ['Veterans with Military Records '
'on File'],
'industry': 'Public Records Management',
'location': 'St. Louis, MO, USA',
'name': 'National Personnel Records Center (NPRC)',
'type': 'Government Agency (Under National Archives)'},
{'location': 'United States',
'name': 'U.S. Veterans (Broader Impact)',
'type': 'Group'}],
'customer_advisories': ['NPRC offered Rep. Sherrill free credit monitoring '
'services.',
'Rep. Sherrill advised veterans via social media that '
'their records may not be safe under current '
'procedures.'],
'data_breach': {'data_exfiltration': ['Unintentional (via FOIA Response)'],
'file_types_exposed': ['Official Military Personnel File '
'(OMFP)'],
'number_of_records_exposed': 1,
'personally_identifiable_information': ['Social Security '
'Number',
'Date of Birth',
'Military Service '
'Records'],
'sensitivity_of_data': 'High (Includes SSN, DOB, Military '
'Service Details)',
'type_of_data_compromised': ['Military Personnel File',
'Personally Identifiable '
'Information (PII)']},
'date_detected': '2024-08-15',
'date_publicly_disclosed': '2024-08-15',
'description': 'The National Personnel Records Center (NPRC) inadvertently '
'disclosed an unredacted Official Military Personnel File of '
'Rep. Mikie Sherrill (D-NJ) to an unauthorized FOIA requester, '
'Nicolas de Gregorio, a former Republican candidate in New '
'Jersey. The breach included sensitive personal data such as '
"Sherrill's Social Security number and date of birth. The "
'incident was acknowledged by NPRC Director Scott Levin, who '
'cited a failure to follow standard operating procedures. The '
'disclosure has sparked calls for a criminal investigation by '
'top Democrats, including Rep. Hakeem Jeffries and Rep. Adam '
'Smith. The NPRC has offered Sherrill free credit monitoring '
'and requested de Gregorio not to disseminate the information. '
'This follows similar past breaches involving military records '
'of other lawmakers, including Rep. Don Bacon (R-NE) and Rep. '
'Zach Nunn (R-IA) in 2021–2022.',
'impact': {'brand_reputation_impact': ['Erosion of Trust in National Archives '
'and NPRC',
'Perception of Political Weaponization '
'of Military Records'],
'customer_complaints': ['Public Outcry from Veterans and '
'Lawmakers'],
'data_compromised': ['Social Security Number',
'Date of Birth',
'Full Military Personnel File'],
'identity_theft_risk': ['High (Due to SSN Exposure)'],
'legal_liabilities': ['Potential Criminal Investigation',
'Violation of Privacy Laws'],
'operational_impact': ['Loss of Trust in FOIA Processing',
'Policy Review and Staff Retraining '
'Required'],
'systems_affected': ['National Personnel Records Center (NPRC) '
'FOIA Processing System']},
'investigation_status': ['Ongoing (Internal Review by NPRC)',
'Calls for Criminal Investigation by Congress',
'Congressional Oversight Expected'],
'lessons_learned': ['Human error in FOIA processing can lead to severe '
'privacy breaches.',
'Military records require stricter redaction protocols to '
'prevent unauthorized PII disclosure.',
'Political motivations can exacerbate the impact of '
'administrative failures.',
'Proactive monitoring and auditing of FOIA responses are '
'critical for sensitive records.'],
'motivation': ['Political Targeting (Alleged)', 'Administrative Negligence'],
'post_incident_analysis': {'corrective_actions': ['Policy and procedure '
'review at NPRC.',
'Additional staff training '
'on FOIA compliance and PII '
'protection.',
'Potential legislative '
'reforms to FOIA processing '
'for military records.',
'Enhanced oversight of FOIA '
'requests involving '
"veterans' data."],
'root_causes': ['Failure to adhere to FOIA '
'redaction procedures for '
'sensitive military records.',
'Inadequate staff training on '
'handling PII in high-profile '
'cases.',
'Lack of automated safeguards to '
'prevent full-record disclosures.',
'Potential political targeting via '
'FOIA requests for military '
'records.']},
'recommendations': ['Implement automated redaction tools for FOIA responses '
'involving military records.',
'Enhance training for NPRC staff on handling sensitive '
'PII, especially for high-profile individuals.',
'Establish clearer guidelines for FOIA requests targeting '
'military records of public officials.',
'Conduct regular audits of FOIA processing procedures to '
'identify and mitigate risks.',
'Explore legislative changes to strengthen protections '
"for veterans' military records under FOIA.",
'Develop a rapid-response protocol for breaches involving '
'high-profile individuals to minimize reputational and '
'operational damage.'],
'references': [{'date_accessed': '2024-08-15', 'source': 'CNN'},
{'date_accessed': '2024-08-15',
'source': 'Daily Record/USA Today Network (Photo Credit)'},
{'date_accessed': '2024-08-15',
'source': 'Rep. Mikie Sherrill (Social Media Statement)'},
{'date_accessed': '2024-08-15',
'source': 'Rep. Hakeem Jeffries (Statement)'},
{'date_accessed': '2024-08-15',
'source': 'Rep. Adam Smith (Statement)'},
{'date_accessed': '2024-08-15',
'source': 'Rep. Don Bacon (Statement on Past Breaches)'}],
'regulatory_compliance': {'legal_actions': ['Calls for Criminal Investigation',
'Potential Administrative '
'Accountability'],
'regulations_violated': ['Freedom of Information '
'Act (FOIA) Procedures',
'Privacy Laws (Potential)'],
'regulatory_notifications': ['Internal Review by '
'NPRC',
'Congressional '
'Oversight Expected']},
'response': {'communication_strategy': ['Public Statements by NPRC Director '
'Scott Levin',
'Media Engagement via CNN',
'Social Media Statement by Rep. '
'Sherrill'],
'containment_measures': ['Request to FOIA Requester (Nicolas de '
'Gregorio) Not to Disseminate Data'],
'incident_response_plan_activated': ['Acknowledgment Letter to '
'Rep. Sherrill',
'Internal Review Initiated'],
'law_enforcement_notified': ['Potential (Calls for Criminal '
'Investigation by Democrats)'],
'remediation_measures': ['Free Credit Monitoring for Rep. '
'Sherrill',
'Policy and Procedure Review',
'Additional Staff Training']},
'stakeholder_advisories': ['National Archives spokesperson Grace McKaffrey '
'confirmed the technician failed to follow '
'standard operating procedures.',
'Top Democrats (Jeffries, Smith) have demanded '
'accountability and a full investigation.',
'Rep. Don Bacon highlighted past breaches and '
"called for better protections for veterans' "
'records.'],
'threat_actor': {'motivation': ['Political',
"Unclear (FOIA Request for 'Publicly "
"Available Data')"],
'name': 'Nicolas de Gregorio',
'type': 'Individual (Former Republican Candidate)'},
'title': "Unauthorized Disclosure of Rep. Mikie Sherrill's Military Records "
'by National Archives',
'type': ['Data Breach', 'Privacy Violation', 'Unauthorized Disclosure'],
'vulnerability_exploited': ['Human Error',
'Improper FOIA Redaction Procedures',
'Failure to Follow Standard Operating Procedures']}