An unsecured backup drive has exposed Attack.Databreach thousands of US Air Force documents , including highly sensitive personnel files on senior and high-ranking officers . Security researchers found that the gigabytes of files were accessible Attack.Databreach to anyone because the internet-connected backup drive was not password protected . The files , reviewed by ZDNet , contained a range of personal information , such as names and addresses , ranks , and Social Security numbers of more than 4,000 officers . Another file lists the security clearance levels of hundreds of other officers , some of whom possess `` top secret '' clearance , and access to sensitive compartmented information and codeword-level clearance . Phone numbers and contact information of staff and their spouses , as well as other sensitive and private personal information , were found in several other spreadsheets . The drive is understood to belong to a lieutenant colonel , whose name we are not publishing . ZDNet reached out to the officer by email but did not hear back . The data was secured last week after a notification by MacKeeper security researcher Bob Diachenko . Among the most damaging documents on the drive included the completed applications for renewed national security clearances for two US four-star generals , both of whom recently had top US military and NATO positions . Both of these so-called SF86 applications contain highly sensitive and detailed information , including financial and mental health history , past convictions , relationships with foreign nationals , and other personal information . These completed questionnaires are used to determine a candidate 's eligibility to receive classified material . Several national security experts and former government officials we spoke to for this story described this information as the `` holy grail '' for foreign adversaries and spies , and said that it should not be made public . For that reason , we are not publishing the names of the generals , who have since retired from service . Nevertheless , numerous attempts to contact the generals over the past week went unreturned . `` Some of the questions ask for information that can be very personal , as well as embarrassing , '' said Mark Zaid , a national security attorney , in an email . The form allows prospective applicants to national security positions to disclose arrests , drug and alcohol issues , or mental health concerns , among other things , said Zaid . Completed SF86 forms are n't classified but are closely guarded . These were the same kinds of documents that were stolen Attack.Databreach in a massive theft Attack.Databreach of sensitive files at the Office of Personnel Management , affecting more than 22 million government and military employees . One spreadsheet contained a list of officers under investigation by the military , including allegations of abuses of power and substantiated claims of wrongdoing , such as wrongfully disclosing classified information . Nevertheless , this would be the second breach Attack.Databreach of military data in recent months . of Defense subcontractor , was the source of a large data exposure Attack.Databreach of military personnel files of physical and mental health support staff . Many of the victims involved in the data leak Attack.Databreach are part of the US Special Operations Command ( SOCOM ) , which includes those both formerly employed by US military branches , such as the Army , Navy , and Air Force , and those presumably still on active deployment . It 's not known how long the backup drive was active .

In recent years , ransomware has become a growing concern for companies in every industry . Between April 2015 and March 2016 , the number of individuals affected by ransomware surpassed 2 million — a 17.7 % increase from the previous year . Ransomware attacks function by breaching systems , usually through infected email , and locking important files or networks until the user pays a specified amount of money . According to FBI statistics cited in a Malwarebytes report , hackers gained more than $ 209 million from ransomware payments Attack.Ransom in the first three months of 2016 , putting ransomware on track to rake in nearly $ 1 billion this year . But as a result of increased ransom-avoidance , cybercriminals have created an even more insidious threat . Imagine malware that combines ransomware with a personal data leak Attack.Databreach : this is what the latest threat , doxware , looks like . With doxware , hackers hold computers hostage Attack.Ransom until the victim pays the ransom Attack.Ransom , similar to ransomware . But doxware takes the attack further by compromising Attack.Databreach the privacy of conversations , photos , and sensitive files , and threatening to release them publicly unless the ransom is paid Attack.Ransom . Because of the threatened release , it 's harder to avoid paying the ransom Attack.Ransom , making the attack Attack.Ransom more profitable for hackers . In 2014 , Sony Pictures suffered an email phishing malware attack Attack.Phishing that released Attack.Databreach private conversations between top producers and executives discussing employees , actors , industry competitors , and future film plans , among other sensitive topics . And ransomware attacks Attack.Ransom have claimed a number of recent victims , especially healthcare systems , including MedStar Health , which suffered a major attack Attack.Ransom affecting 10 hospitals and more than 250 outpatient centers in March 2016 . Combine the data leak Attack.Databreach of Sony and the ransomware attack Attack.Ransom on MedStar and you can see the potential fallout from a doxware attack . Doxware requires strategic , end-to-end planning , which means hackers will target their victims more deliberately . Looking at the data leaked Attack.Databreach from Sony , it 's easy to imagine the catastrophic effect doxware would have on an executive of any major corporation . Company leaders hold countless conversations over email each day on sensitive topics ranging from product development to competition to internal politics , and if there 's a doxware attack , the fallout could be extensive . Expect Things to Get WorseThe technology behind doxware is still new , but expect the problem to become worse . Recent attacks have been contained to Windows desktop computers and laptops , but this will certainly change . Once the malware can infiltrate mobile devices , the threat will become even more pervasive , with text messages , photos , and data from apps at risk for being leaked Attack.Databreach . It 's also highly likely that doxware will target more types of files . Workplace emails are currently a big target for hackers . However , a company 's internal communications/instant messaging network is also appealing to hackers using doxware , as the messaging network often serves as a platform where both sensitive business discussion and casual conversations take place , potentially exposing both company secrets and personally embarrassing exchanges . One of these variants hold files ransom Attack.Ransom with the threat of release and then steals Attack.Databreach a victim 's passwords . Another mutation , Popcorn Time , takes doxware even further giving victims the option to infect two of their friends with the malware instead of paying the ransom Attack.Ransom .