It's not certain when the intrusion took place. Department staff warned leaders on October 4th after discovering the breach, but it might have taken place earlier and gone unnoticed. The organization is contacting affected individuals in the days ahead and promises fraud protection services.

The timing is... less than ideal. The Government Accountability Office only just issued a report saying that the Defense Department had made progress on securing its networks, but was falling short in protecting weapon systems. Clearly, there's work to be done beyond that, even if the scale isn't as large as some high-profile government hacks. Institutions are only as secure as the vendors they use, and a flaw at one partner can have far-reaching repercussions.