The UK’s Ministry of Defence (MoD) is launching an investigation after a typing error resulted in classified emails intended for the US military being mistakenly sent to Mali, a close ally of Russia. The error occurred when the letter “i” was omitted from the “.mil” domain, leading the messages to be routed to the wrong recipients.
Cybersecurity experts emphasize the significance of this incident as it highlights how human error can compromise even the best cyber defenses, underscoring the need for cyber training and extra security measures, especially in high-pressure environments.
Jamie Akhtar, CEO of CyberSmart, comments on the importance of creating a culture of security within organizations to reinforce positive security behaviors. Javvad Malik, lead security awareness advocate at KnowBe4, adds that such incidents make it difficult to determine whether an action was a genuine mistake or deliberately malicious. The MoD clarifies that the incident involved fewer than 20 emails and reassures that none of them were classified as top secret.
An ongoing investigation aims to ensure there was no breach of operational security or disclosure of technical data, and the MoD states that emails of this kind are not classified at secret or above.
This incident bears resemblance to a similar typing error that occurred on July 17, where millions of US military emails were also mistakenly sent to Mali. Some of these emails were believed to contain sensitive information, such as passwords, medical records, and itineraries of high-ranking officers.
The case serves as a reminder of the importance of comprehensive cybersecurity measures, such as training staff and implementing failsafes, to prevent inadvertent data breaches and maintain the security of classified information.