Foreign Adversaries Are Using Commercial Location Data to Target U.S. Servicemembers In the Middle East, Wyden, Harrigan and 12 other bipartisan Members of Congress, Reveal;[...]

Foreign Adversaries Are Using Commercial Location Data to Target U.S. Servicemembers In the Middle East, Wyden, Harrigan and 12 other bipartisan Members of Congress, Reveal; Members Call on Department to Adopt Commonsense Safeguards to Protect U.S. Troops

DOD Has Yet to Implement Basic Protections Against the Collection and Sale of Servicemembers' Personal Data, Including in Active War Zones

Washington, D.C. - U.S. Senator Ron Wyden, D-Ore. and Rep. Pat Harrigan, R-N.C., released information today confirming for the first time that hostile foreign adversaries are using commercial location data to target American servicemembers in an active war zone, they wrote in a letter to the Pentagon, along with 12 bipartisan members of Congress.

The letter was also signed by Sens. Martin Heinrich, D-N.M., Elizabeth Warren, D-Mass., Edward J. Markey, D-Mass., and Alex Padilla, D-Calif., and Reps. Robert Garcia, D-Calif., Elijah Crane, R-Ariz., Matt Van Epps, R-Tenn., Scott Perry, R-Pa., Keith Self, R-Texas, Michael Cloud, R-Texas, Sara Jacobs, D-Calif., Greg Steube, R-Fla.

Wyden and the other members called for the Department of Defense (DOD) to address this major threat to national security by preventing the collection and sale of servicemembers' personal information, including phone location data.

"Commercial location data can be used to identify where U.S. troops congregate and their pattern of life, which can be exploited by adversaries to target attacks such as missiles, drones, and roadside bombs, as well as for counterintelligence purposes," the members wrote in a letter to DOD Chief Information Officer Kirsten Davies. "That foreign adversaries are still able to buy location data collected from the phones of U.S. personnel serving in military hotspots is a direct result of DoD leadership's failure to prioritize this threat and implement commonsense cyber defenses recommended by federal cybersecurity experts."

On April 14, 2026 the U.S. Central Command (USCENTCOM) told Congress in a written response to questions from Sen. Wyden's office that it "received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater," during Operation Epic Fury in the Middle East. However, the DOD has yet to provide further information requested by Congress.

In its written response USCENTCOM revealed that the advertising ID is still not disabled on DOD-issued smartphones, but stated that DOD is currently testing a capability to do so. Earlier this month USCENTCOM for the first time gained the capability to disable location sharing on smartphones it manages. The National Security Agency and Cybersecurity and Infrastructure Security Agency have both recommended disabling the advertising ID for years.

To prevent commercial data being used to target U.S. troops, Senator Wyden and his colleagues urged the DOD to adopt common-sense safeguards, including disabling smartphone advertising IDs and replacing web browsers that are designed to facilitate online tracking and data collection, such as Google Chrome, with privacy-focused alternatives.

DOD has reportedly known about this threat since at least 2016, when a government contractor briefed Joint Special Operations Command officials and demonstrated the ability to track phones traveling from U.S. special operations bases in the Middle East. Since then, reporters and researchers have repeatedly shown that large commercial datasets allow tracking of U.S. government and military personnel.

The full letter to the Chief Information Officer is here.

###