Confirming the hack and the data breach, Army and Air Force Exchange (AAFES) spokesperson Chris Ward said that, “The Exchange learned on February 11 of a data breach of customer information held by concessionaire SIGA Telecom.” SIGA officials did not immediately provide a comment on Friday after the breach was made public. However Ward said that the leaked data did not contain financial information about the military personnel nor was there any evidence of the data being used in fraudulent transactions. “There was no financial information released,” Ward said. “To date, there is no evidence of fraudulent use of the information.” After the data breach was discovered SIGA immediately took systems offline, began an investigation and informed German authorities in an effort to find and prosecute the person responsible, Ward said. “The investigation is ongoing.” In addition, SIGA also notified around holders 27,500 active accounts of the data breach on March 5, Ward noted. AAFES officials met with SIGA executives to review details of the breach and confer on remedial actions, Ward said. AAFES has ordered SIGA to notify its customers, set up telephone information line, develop a remediation plan and re-evaluate its security within 90 days, Ward said.