The UK’s Ministry of Defence (MoD) is launching an investigation after a typing error reportedly led to classified emails being sent to a close ally of Russia instead of the intended recipients.
The emails were meant for the US military, whose addresses end in the “.mil” domain. However, a simple mistake omitting the letter “i” turned that into “.ml,” the country domain of the West African nation of Mali, known for its ties with Russia, and the messages were routed there instead.
“This story is the perfect illustration of how human error can unwittingly negate even the best cyber defenses. It’s hard to think of a UK organization with better cyber defenses than the MoD. Yet, a very human mistake has exposed it to risk,” commented Jamie Akhtar, CEO and co-founder of CyberSmart.
“It also highlights the importance of cyber training for staff and having extra failsafes in place (such as safe sender lists for emails), particularly in high-pressure environments.”
Javvad Malik, lead security awareness advocate at KnowBe4, echoed Akhtar’s point, adding that with this kind of issue, it is also tricky to correctly ascertain whether an action was a mistake or deliberately malicious.
“Which is why creating a culture of security is so important, which constantly reinforces positive security behaviors not just for individuals but for the entire organization,” Malik added.
Writing on X (formerly Twitter) earlier today, the MoD clarified that the incident involved fewer than 20 emails and emphasized that none of them were classified as top secret.
“We are confident there was no breach of operational security or disclosure of technical data,” reads the post. “An investigation is ongoing. Emails of this kind are not classified at secret or above.”
A similar typing error allegedly occurred on July 17, causing millions of US military emails to be mistakenly sent to Mali. Some of these emails were believed to contain sensitive information, including passwords, medical records and itineraries of high-ranking officers.