WASHINGTON (Reuters) - Potentially sensitive engineering documents about the U.S. presidential helicopter were found on a computer in Iran after they were inadvertently disclosed by an American defense industry executive, according to a private cybersecurity company.
Keith Tagliaferri, director of operations at Tiversa, a Pennsylvania-based company that monitors data breaches linked to peer-to-peer file sharing, said the defense contractor and the U.S. government were investigating the incident.
Tagliaferri declined to name the U.S. contractor or give any information about the identity of the Iranian computer where the file was found on February 25.
A spokesman for the Navy said on Monday the service was looking into reports of the alleged data breach, but had no further comment. The presidential helicopters are operated by the Marine Corps, a part of the Navy.
Tiversa said it noticed the disclosure of the file containing engineering and avionics data about the existing VH-60 presidential helicopter several months ago. That helicopter is built by Sikorsky Aircraft, a unit of United Technologies Corp. The cybersecurity company said it immediately notified a Bethesda, Maryland-based defense contractor.
The data breach did not involve the new generation of presidential helicopter being developed by Lockheed Martin Corp. That VH-71 helicopter project, which is more than 50 percent over budget, was singled out by President Barack Obama last week as an example of the Pentagon’s procurement process “gone amok”.
Connecticut-based Sikorsky said it was investigating the incident and declined further comment.
Tagliaferri said the employee was a high-level executive, but the breach took place outside the company’s offices, indicating the executive may have had the helicopter data on a home or personal computer that was also used to share music or movies. The disclosure was likely unintentional, he said.
The file was found on an Iranian computer on February 25, several months later, Tagliaferri said.
The Maryland-based defense contractor, which he did not name, immediately informed the U.S. government, Tagliaferri said. He said the company was not a Tiversa customer, which meant his company had not noticed the data breach until some time after it occurred.
Tiversa downloads more than 100,000 files a day that are inadvertently disclosed through peer-to-peer music and movie sharing software, which give users around the world direct access to another person’s computer. The files can include Social Security numbers, payroll data, tax returns and many other sensitive documents, Tagliaferri said.
“This is like a stolen laptop times a million,” Tagliaferri said, noting that data breaches through file sharing networks were growing increasingly more common as more people shared electronic versions of movies and music. Hackers and criminals are becoming more savvy in pinpointing such files, he said.
Lockheed Martin, which is based in Bethesda, said it was aware of media reports about the disclosed data, had discussed it with the government, and was awaiting further word on whether it involved the existing helicopter fleet.
Reporting by Andrea Shalal-Esa; Editing by Tim Dobbyn