An unsecured backup drive has exposed Attack.Databreach thousands of US Air Force documents , including highly sensitive personnel files on senior and high-ranking officers . Security researchers found that the gigabytes of files were accessible Attack.Databreach to anyone because the internet-connected backup drive was not password protected . The files , reviewed by ZDNet , contained a range of personal information , such as names and addresses , ranks , and Social Security numbers of more than 4,000 officers . Another file lists the security clearance levels of hundreds of other officers , some of whom possess `` top secret '' clearance , and access to sensitive compartmented information and codeword-level clearance . Phone numbers and contact information of staff and their spouses , as well as other sensitive and private personal information , were found in several other spreadsheets . The drive is understood to belong to a lieutenant colonel , whose name we are not publishing . ZDNet reached out to the officer by email but did not hear back . The data was secured last week after a notification by MacKeeper security researcher Bob Diachenko . Among the most damaging documents on the drive included the completed applications for renewed national security clearances for two US four-star generals , both of whom recently had top US military and NATO positions . Both of these so-called SF86 applications contain highly sensitive and detailed information , including financial and mental health history , past convictions , relationships with foreign nationals , and other personal information . These completed questionnaires are used to determine a candidate 's eligibility to receive classified material . Several national security experts and former government officials we spoke to for this story described this information as the `` holy grail '' for foreign adversaries and spies , and said that it should not be made public . For that reason , we are not publishing the names of the generals , who have since retired from service . Nevertheless , numerous attempts to contact the generals over the past week went unreturned . `` Some of the questions ask for information that can be very personal , as well as embarrassing , '' said Mark Zaid , a national security attorney , in an email . The form allows prospective applicants to national security positions to disclose arrests , drug and alcohol issues , or mental health concerns , among other things , said Zaid . Completed SF86 forms are n't classified but are closely guarded . These were the same kinds of documents that were stolen Attack.Databreach in a massive theft Attack.Databreach of sensitive files at the Office of Personnel Management , affecting more than 22 million government and military employees . One spreadsheet contained a list of officers under investigation by the military , including allegations of abuses of power and substantiated claims of wrongdoing , such as wrongfully disclosing classified information . Nevertheless , this would be the second breach Attack.Databreach of military data in recent months . of Defense subcontractor , was the source of a large data exposure Attack.Databreach of military personnel files of physical and mental health support staff . Many of the victims involved in the data leak Attack.Databreach are part of the US Special Operations Command ( SOCOM ) , which includes those both formerly employed by US military branches , such as the Army , Navy , and Air Force , and those presumably still on active deployment . It 's not known how long the backup drive was active .

In what ’ s becoming a familiar refrain to guests , InterContinental Hotels Group , said late last week that payment card systems at more than 1,000 of its hotels had been breached Attack.Databreach . It ’ s the second breach that IHG , a multinational hotel conglomerate that counts Holiday Inn and Crowne Plaza among its chains , has disclosed this year . The company acknowledged in February that a credit card breach Attack.Databreach affected 12 of its hotels and restaurants . In a notice published to its site on Friday the company said a second breach Attack.Databreach occurred at select hotels between Sept. 29 and Dec. 29 last year . IHG says there ’ s no evidence payment card data was accessed Attack.Databreach after that point but can ’ t confirm the malware was eradicated until two to three months later , in February/March 2017 , when it began its investigation around the breach . Like most forms of payment card malware these days , IHG said the variant on their system siphoned track data Attack.Databreach – customers ’ card number , expiration date , and internal verification code – from the magnetic strip of cards as they were routed through affected hotel servers . The hotelier said the first breach Attack.Databreach also stemmed from malware found on servers used to process credit cards , but from August to December 2016 . That breach Attack.Databreach affected hotels , along with bars and restaurants at hotels , such as Michael Jordan ’ s Steak House and Bar at InterContinental Chicago and the Copper Lounge at Intercontinental Los Angeles . IHG didn ’ t state exactly how many properties were affected by the second breach Attack.Databreach but that customers can use a lookup tool the company has posted to its site to search for hotels in select states and cities . IHG gives a timeline for each property and says hotels listed on the tool “ may have been affected. ” A cursory review of hotels in the lookup tool suggests far more than a dozen – more than a thousand – hotels , were affected by the malware . IHG says that since the investigation is ongoing the tool may may be updated periodically . Some properties , for a reason not disclosed , elected to not participate in the investigation , IHG said . While the company operates 5,000 hotels worldwide this most recent breach Attack.Databreach affects mostly U.S.-based chains . One hotel in Puerto Rico , a Holiday Inn Express in San Juan , is the only non-U.S. property that hit by malware this time around , IHG claims . The company said it began implementing a point-to-point encryption payment solution – technology that can reportedly prevent malware from scouring systems for payment card data last fall . The hotels that were hit by this particular strain of malware had not yet implemented the encryption technology , IHG claims . The news comes as an IHG subsidiary , boutique hotel chain Kimpton , is fighting a class action court case that alleges the company failed to take adequate and reasonable measures to protect guests payment card data . The chain said it was investigating a rash of unauthorized charges on cards used at its locations last summer . It eventually confirmed a breach Attack.Databreach in late August that involved cards used from Feb. 16 , 2016 and July 7 , 2016 at nearly all of its restaurants and hotels .