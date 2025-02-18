“The Coast Guard is still investigating the source and scope of the breach," the service said in a statement.

The Coast Guard is in the midst of investigating a data breach within its personnel and payroll system that delayed bi-weekly pay for 1,135 service members.

The Coast Guard said it temporarily shut down its Direct Access system as it investigates the breach.

“Workforce access will be restored as soon as possible,” the Coast Guard told Federal News Network in a statement.

Some service members’ direct deposit account and routing information was compromised. It is unclear what types of data besides service members’ bank information may have been exposed or how widespread the breach is.

“If the investigation determines that any additional information was compromised, impacted members will be notified and updated,” said the Coast Guard.

“The Coast Guard is still investigating the source and scope of the breach. Due to the diligence of a junior Petty Officer who reported anomalous activity affecting their account to the Coast Guard Cyber Command, we were able to minimize the impact of the breach.”

Direct Access is the service’s primary system for human resources and payroll support for active duty, reserve, and retired active duty and retired reserve Coast Guard personnel. It provides military assignment processing, supports recruitment and accession processes, schedules training, processes promotions and disciplinary actions and provides payroll, among other functions.

DA, built on a legacy system, has been prone to frequent outages for maintenance and updates, making it unusable for most users for extended periods of time.

Nearly a year ago, the service had another data breach that impacted over 10,000 members of the Coast Guard Reserve. Service members’ home addresses, names and employee identification numbers were exposed as a result of that breach. At the time, the Coast Guard advised the affected service members to closely monitor credit reports and set up a fraud alert to protect against identity theft.

The breach also comes the same week the Government Accountability Office released a report urging the Coast Guard to address cybersecurity risks to the Maritime Transportation System, which includes approximately 360 commercial sea and river ports responsible for more than $5.4 trillion in annual U.S. economic activity. Last year, former President Joe Biden signed an executive order expanding the Coast Guard’s authority to address cyber threats targeting maritime systems.

The Department of Transportation Maritime Administration has long warned that U.S. ports are increasingly vulnerable to cyber attacks due to the many stakeholders managing their operations.

“The consequences of a cyber attack on the port infrastructure extend far beyond financial losses. Disruptions to the supply chain can have cascading effects on global economies, impacting industries and livelihoods.” Rear Adm. John Vann, commander of Coast Guard Cyber Command, said last year.

GAO’s report also found that facilities and vessels “increasingly rely on technology that is vulnerable to cyberattacks” and that “cyber incidents have affected port operations, and the potential impacts of future incidents could be severe.”

The watchdog says the Coast Guard needs to update its system of record to provide ready access to complete cyber deficiency data; align its cybersecurity strategy with a broader national cyber strategy; and evaluate and address its cyber workforce gap.

