Misdelivered from MIL to Mali

by | Jul 24, 2023

File this one under the heading, “You can’t make this stuff up.”

On July 18, the Financial Times reported that millions of emails, many of which contained sensitive—and even classified—information, have been filling an in box in the Republic of Mali for nearly a decade. Instead of going to the U.S. military domain .MIL, the emails were arriving at the northern African country’s .ML domain. The problem was first reported nearly ten years ago by Johannes Zuurbier, a Dutch contractor who manages Mali’s national domain. Zuurbier alerted officials in the U.S., but the problem persists and because his contract is about to expire, the Malian domain will soon revert to government control. Unless something changes fast, the issue could become a matter of national security.

“This risk is real and could be exploited by adversaries of the U.S.,” Zuurbier told the Financial Times.

According to the article, data that has ended up in Zuurbier’s hands courtesy emails sent to .ML instead of .MIL includes:

  • X-rays and medical data
  • Identity document information
  • Crew lists for ships and staff lists at bases
  • Maps of installations and photos of bases
  • Naval inspection reports
  • Contracts,
  • Criminal complaints against personnel
  • Internal investigations into bullying
  • Official travel itineraries and bookings, and
  • Tax and financial records

A Shocking Misdelivery

This is a shocking example of data misdelivery, a common data breach cause. Misdelivery is when sensitive data is sent to the wrong recipient, usually because of human error. Someone types the wrong name or makes some other mistake that results in health, financial, personal, or classified files ending up in the wrong hands. According to the 2023 Verizon Data Breach Investigations Report (VDBIR), data misdelivery is a factor in 43% of all data breaches. There are many reasons for data misdelivery, but there is no excuse for data misdelivery.

The transfer of important files that contain vital business information is a common task for millions of organizations around the country. Digital supply chains are large and complex. In healthcare, medical records are shared with insurance companies, government agencies, fellow providers, imaging processors, and many more service providers. In financial services there are payments, transfers, and other transaction records, payroll data, credit applications, anti-fraud and many more files that must be shared between organizations.

Every organization in every industry sends and receives data, and if it doesn’t get to the right place on time, business processes are at risk. If it goes to the wrong place, personal privacy and organizational viability may be at risk. That is why it is imperative that file transfers be handled with the utmost care. Email is not the right medium for sending such important data. Instead, organizations responsible for sending and receiving sensitive data, including personally identifiable information (PII), protected health information (PHI), intellectual property (IP), and other business-critical files often turn to a managed file transfer (MFT) platform, like our Diplomat MFT software.

Minimizing Misdeliveries

With Diplomat MFT you can easily establish process automations to handle scheduled file transfers, whether multiple times a day, weekly, monthly, or at any interval needed. Authorized recipients are verified before automations are established to ensure that transferred files are never misdelivered. And because all files are automatically encrypted using OpenPGP, those files are of no use to anyone without the encryption key. Another “good to know” when using Diplomat MFT is that that the administration dashboard is only available to users with a “need to access,” using multifactor authentication, and every step of the process is recorded for auditability and forensics. And, should anything go wrong, Diplomat MFT will send an alert to your medium of choice (email, text, Slack, etc.) so you can rectify the situation.

People make mistakes. But there are tools available to help us minimize the risk of human error and avoid embarrassing and costly data breaches. We are proud of the fact that Diplomat MFT is one such tool, and that thousands of organizations around the world rely on it to handle their most sensitive data transfers. If you’d like to join their ranks, we invite you to try Diplomat MFT free for 15 days to see for yourself how easy and reliable it is.