Hackers have cracked computer systems connected with a former US military base at Fort Monmouth, New Jersey, stealing the personal details of more than 36,000 people.
The main victims of the attack are thought to be personnel at C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, Reconnaissance) and Communications-Electronics Command (CECOM).
The cyber-attackers also stole the personal information of visitors to the base. Details such as "a mix of full names, dates and places of birth, social security numbers, home addresses, and salaries" have fallen into the hackers' hands, CECOM spokeswoman Andricka Thomas told the Asbury Park Press.
Both C4SIR and CECOM were moved to Aberdeen Proving Ground in September 2011, following the closure of Fort Monmouth.
The hackers are yet to be identified by the authorities, and the Army's Cyber Command is leading an investigation into the attack. The spokeswoman added that the attack was launched by "unknown" persons and for "unknown reasons".
The breach was discovered on 6 December and the affected databases were immediately shut down.
"CECOM takes this incident very seriously and we apologise to all personnel affected. We are taking urgent and decisive action to prevent this from occurring again. This does not affect anyone's ability to do their jobs, or impact entitlements," added Thomas.
The commanding officer of CECOM, Major General Robert Ferrell, has sent letters to all the victims of the attack. He said the hackers had gleaned information from visitor logs and from the Software Engineering Centre's personnel files.
The US Army has offered one year's free credit monitoring to all those affected by the attack.