In November, when Army officials decided to launch the service’s first-ever bug bounty, one of the key questions they wanted to answer was whether sensitive personnel records were vulnerable to theft by hackers via the…