Commercial Location Data Exposed U.S. Troops to Surveillance by Foreign Adversaries
The U.S. Department of Defense has confirmed that foreign adversaries used commercially available location data to target and surveil American military personnel in operational theaters, including the Middle East. A newly disclosed U.S. Central Command letter said it had received multiple threat reports involving hostile actors exploiting data collected from phones and computers through the advertising and data-broker ecosystem. Lawmakers led by Senator Ron Wyden and Representative Pat Harrigan said the disclosures amount to the first public confirmation that purchased commercial geolocation data was used against U.S. troops in active war zones, and warned that the ad-tech industry now poses a national security threat.
The reports say Pentagon safeguards were insufficient: service members were allowed to use personal devices in operational areas, no policy required geolocation to be disabled in active war zones, and even government-issued devices did not fully block advertising-related tracking. Critics said the risk had been documented for years, citing contractor briefings dating back to 2016, demonstrations tracing personnel from U.S. bases to a covert site in Syria, and later studies showing brokers could easily sell sensitive data on service members. The Pentagon said it is moving to a new mobile device management system to better disable location services, but lawmakers warned that broader use of bring-your-own-device policies and weak regulation of data brokers continue to leave troops exposed.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Pentagon said it was migrating to new mobile device management
The Department of Defense said it was moving to a new mobile device management system intended to better disable location services and reduce advertising-related tracking exposure on government-issued devices.
Lawmakers pressed DoD to tighten smartphone security policies
Senator Ron Wyden, joined by Representative Pat Harrigan and other lawmakers, urged the Department of Defense to strengthen smartphone security after the Pentagon confirmed foreign adversaries had used commercially available geolocation data to target or surveil U.S. troops.
USCENTCOM received multiple threat reports on troop targeting via location data
U.S. Central Command said in a newly disclosed letter that it had received multiple threat reports about adversaries exploiting commercial location data to target or surveil U.S. personnel in the Middle East and other operational theaters.
Duke study bought sensitive service-member data from brokers
A 2023 Duke University study found it could readily purchase sensitive personal data on U.S. service members from data brokers, providing further evidence that military-related data was commercially accessible.
Contractor demo traced troops from U.S. bases to a covert Syria outpost
In 2016, a demonstration showed that commercially purchased phone location data could trace movements from Fort Bragg and MacDill Air Force Base to a covert forward operating base in northern Syria, illustrating the operational risk to U.S. forces.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
12 references tracked. Mallory keeps watching after this page renders.
Digital Tracking Threats Extend Beyond Governments to Everyday Users - CySecurity News - Latest Information Security and Hacking Incidents
cysecurity.news
Open sourceAd Tracking Puts US Troops at Risk on the Battlefield - CySecurity News - Latest Information Security and Hacking Incidents
cysecurity.news
Open sourceHackers Use Phone Location Data to Attack US Military Personnel - CySecurity News - Latest Information Security and Hacking Incidents
cysecurity.news
Open sourceSrsly Risky Biz: NATO's cyber approach needs to change - Risky Business Media
risky.biz
Open sourceU.S. says troops were targeted with location data, as senator warns ad industry is a 'national security threat' | TechCrunch
techcrunch.com
Open sourceThe Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are | WIRED
wired.com
Open sourceTroops’ phones leaked location data to foreign adversaries
theregister.com
Open sourceEnemies Are Exploiting Unregulated Data Broker Location Data To Target And Kill U.S. Troops | Techdirt
techdirt.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
US Agencies Acknowledge Buying Commercial Data for Location Tracking
US government agencies are facing renewed scrutiny over their use of **commercially available data**—including data derived from the online advertising ecosystem—to track people without a warrant. Reporting cited in one account says **Customs and Border Protection (CBP)** used “commercially available marketing location data” tied to the same ad-tech systems that power targeted advertising, reinforcing long-standing concerns that surveillance advertising infrastructure can be repurposed for government monitoring. The reporting frames the issue as direct evidence that location data harvested for ad targeting can also support state surveillance. At the same time, **FBI Director Kash Patel** told the Senate Intelligence Committee that the bureau purchases commercially available information, after being pressed on whether the FBI buys data that could be used to track Americans. Sen. **Ron Wyden** argued that purchasing such data without a warrant is a workaround to **Fourth Amendment** protections and renewed calls for legislative limits, including the **Government Surveillance Reform Act**. Together, the reports show that both border and federal law enforcement agencies are relying on the commercial data broker and ad-tech ecosystem for intelligence and location-tracking purposes, intensifying the policy debate over privacy, warrant requirements, and the broader security implications of pervasive data collection.
Mar 23, 2026
U.S. Federal Agencies Expand Warrantless Commercial Surveillance and Location Data Purchases
The **Department of Homeland Security** and the **FBI** are expanding use of commercially available surveillance and data-tracking capabilities, prompting renewed scrutiny over privacy, civil liberties, and oversight. DHS is reportedly preparing to spend hundreds of millions of dollars on surveillance technology in 2026, including a **$1 billion** blanket purchase agreement with *Palantir* and additional investments in AI-enabled monitoring, mobile tracking, and tools from vendors such as *Cellebrite* and *Paragon Solutions*. Advocacy groups and lawmakers have warned that these programs broaden the government’s ability to scan faces, track cell phone activity, and monitor both immigrants and U.S. citizens while governance mechanisms fail to keep pace. The **FBI** separately confirmed it has resumed buying Americans’ location and other commercially available data from brokers, reviving a practice the bureau had previously said it was not actively pursuing. Director **Kash Patel** told lawmakers the agency uses purchased data in ways it says are consistent with the Constitution and the **Electronic Communications Privacy Act**, while Sen. **Ron Wyden** characterized the practice as a warrantless workaround to Fourth Amendment protections. Reporting on DHS also indicates declining transparency, with Privacy Impact Assessment filings falling sharply and the department’s inspector general accusing the agency of obstructing audits tied to biometric data management and immigration enforcement, reinforcing concerns that federal surveillance capabilities are growing faster than meaningful oversight.
Mar 21, 2026
Exposure of EU Officials' Phone Location Data via Data Brokers
A coalition of European journalists revealed that commercially available location data, sold by data brokers, included detailed movement histories of top European Union officials and employees. The reporters obtained a free sample dataset containing 278 million location points from millions of devices around Belgium, with granular data on individuals working at the European Commission and European Parliament. The investigation demonstrated that it was possible to identify private addresses and daily routines of senior EU officials, raising significant concerns about the effectiveness of the EU's data protection laws in preventing such privacy breaches. In response to the findings, the European Commission expressed concern over the trade of geolocation data involving both citizens and officials. The Commission issued new guidance to staff on disabling ad tracking and informed member states' Computer Security Incident Response Teams (CSIRTs) about the risks. Despite the General Data Protection Regulation (GDPR) being considered one of the world's strictest privacy laws, the incident highlights regulatory gaps regarding data brokers and the ongoing vulnerability of sensitive personal data to commercial exploitation and potential surveillance.
Apr 13, 2026