Over the past decade, a simple typographical error has resulted in millions of United States military emails being unintentionally sent to Mali, raising significant security concerns, according to reports from the Financial Times. Instead of being directed to the .MIL suffix designated for all US military email addresses, a common typographical error where .ML – the country domain of Mali – is used has resulted in a flow of sensitive data to West Africa.
This monumental oversight was initially discovered by Johannes Zuurbier, a Dutch entrepreneur in charge of managing Mali’s domain. Zuurbier has been intercepting and collecting the wrongly-directed emails, which numbered close to 117,000 in 2023 alone, in an attempt to raise awareness in the US about the ongoing issue.
The emails come from various entities like travel agents working with the US military, military staff members, US intelligence, and private contractors. While not officially classified, the leaked emails contain highly sensitive data, including tax records, medical records, official travel itineraries, naval inspection reports, and even the travel details of General James McConville, the US Army’s chief of staff.
Despite Zuurbier’s concerted efforts to alert American officials, corrective action still appears to have not been taken. The issue presents a growing concern as control will pass from Zuurbier to Mali’s government, with its strong ties to Russia, when his contractual obligations end.
A spokesperson for the U.S. Department of Defense acknowledged the issue, stating they are aware and take unauthorised disclosures of Controlled National Security Information or Controlled Unclassified Information seriously. However, without a solid solution in place, this simple typographical error may continue to cause security headaches.
