API Flaw in DOD Contractor Schemata Exposed Sensitive Military Data

Researchers identified an API flaw in Schemata, a Department of Defense (DOD) contractor, that exposed sensitive military data, including service member names, emails, base assignments, and course materials. The vulnerability was patched by the company, which subsequently notified government authorities. The incident involved no confirmed misuse of the exposed data, though the extent of unauthorized access remains unclear. The Defense Cyber Crime Center was involved in addressing the disclosure, while the platform Strix, associated with Schemata, was implicated in the exposure. No specific dates, technical identifiers (e.g., CVE IDs), or exact numbers of affected records were provided in the report.