US forces deployed in conflict zones have been targeted using commercially available location data, which allows adversaries to identify troop movements and to conduct surveillance operations and attacks such as missile, drone, and roadside bomb strikes [1, 2, 3, 4, 5, 6, 7, 8]. U.S. Central Command (CENTCOM) confirmed in a letter dated April 14, 2026, that it had received multiple threat reports about the exploitation of such data to target or surveil US personnel within its area of responsibility, which includes the Gulf region near the Strait of Hormuz, where US forces face Iranian military forces [1, 2, 7, 8].

Commercial location data is collected by apps and service providers from smartphones and devices. It is then sold to data brokers who resell it through multiple intermediaries, creating a complex supply chain [1, 2, 4, 7, 8]. This data reveals where US troops congregate and their daily patterns, information adversaries can exploit for missile and drone strikes and counterintelligence purposes [1, 2, 4, 7, 8]. Senator Ron Wyden stated, "Commercial location data can be used to identify where U.S. troops congregate and their pattern of life, which can be exploited by adversaries to target attacks such as missiles, drones, and roadside bombs, as well as for counterintelligence purposes" [1]. Wyden and a bipartisan group of lawmakers warned, "It’s time to start treating the adtech industry as a national security threat" [2].

The threat posed by commercial location data to military operations has been known to the Pentagon and Department of Defense for over a decade, but critics say defenses remain insufficient [3, 5, 7, 8]. Since 2016, US Army researchers and military contractors have demonstrated how commercial location data could be used to track special operations forces traveling from US bases to sensitive locations abroad, notably in Syria [1, 3, 7, 8].

Military personnel are allowed personal phones in the field but are instructed to disable geolocation features. CENTCOM noted, "Disabling geolocation capabilities does not always fully disable them on commercial products, requiring personnel to implement comprehensive device security measures, including privacy setting reviews" [5]. Officials are also working to disable mobile advertising identifiers on government-issued phones to limit data leaks [5].

Some lawmakers have pressed the Pentagon to ban browsers like Google Chrome on government devices. Republican Congressman Pat Harrigan said, "Chrome and similar browsers were designed from the start to harvest and share user data, and just one more day of having them on government-issued devices is one more weapon handed to adversaries against our troops" [7].

The most recent public action came on May 28, 2026, when Senator Wyden and bipartisan lawmakers sent a letter urging the Pentagon to take stronger national security steps to defend against targeting using commercial location data [1, 2, 4, 7, 8].