The transfer took place as part of a budget analysis, Army National Guard spokesman Kurt Rauschenberg told Army Times on Tuesday via email, adding that, "Although this matter is identified as a breach, technically, it was more of a poor security practice."

The bureau has created a web page containing identity protection advice for guard members.

"We believe the specific files containing [personal information were] safeguarded and not used to compromise anyone's identity," Rauschenberg said. "However, we want the public to know what happened just in case."

"The National Guard Bureau takes the control of personal information very seriously," Brown said. "After investigating the circumstances of these actions, and the information that was transferred, the Guard has determined, out of an abundance of caution, to inform current and past guard personnel that their personally identifiable information was among the files that were transferred."

"In a digital world, there are control risks that need to be considered regarding files that contain sensitive, confidential or regulated data," Gord Boyce, CEO of the San Jose, Calif.-based cybersecurity firm FinalCode, said.

"According to Privacy Rights Clearinghouse, nearly 305 million records have been leaked in the United States during the past five years, due to unintended disclosure, hacking or malware, insiders, and lost or discarded mobile and stationary computing devices," Boyce, who said FinalCode could have contained the Army National Guard's accidental data leak by remotely deleting the emailed file, explained.

Boyce pointed out that organizations can do little to stem the tide of file collaboration. Instead, they need to examine the potential consequences of diminished due care, given the ease at which files can be exposed outside protective containers or shared via unintended email.

He recommended organizations plan their security postures to include the ability to identify authorized recipients of files, encrypt files on the receiving side, determine the length of a receiver's access and whether files can be copied, and allow files to be remotely deleted, if necessary.

In the two months since discovering that the personal information of 21.5 million Americans was compromised by a hack of U.S. federal computer networks, the government has yet to officially notify any of the victims, Reuters reported Tuesday.

Officials from several agencies told Reuters the Office of Personnel Management is working to set up a system to alert those affected, but the mechanism will most likely still take weeks to complete. It remains unclear why there has been such a delay in reaching out to those impacted by the attacks.

"Not informing victims of data breaches where highly confidential personal information has fallen in the hands of state-sponsored hackers is compounding the failure," Sjouwerman said. "The level of detailed data that has now fallen into the hands of highly skilled social engineers requires every victim to be informed about the exact nature of the breach, and specifically what data has leaked so that they can take personal countermeasures."

OPM announced it is providing fraud, identity-theft and credit monitoring services for those with compromised information.

"Apart from providing free credit monitoring for life, I would also strongly recommend effective security awareness training for all victims," Sjouwerman added.