In a letter shared with Reuters by US Senator Ron Wyden, an Oregon Democrat, US Central Command said it had “received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theatre.“

The message, sent on April 14, offered no further specifics, but Centcom’s area of responsibility includes the Gulf, ​where US forces are facing off against the Iranian military over the Strait of Hormuz.

The disclosure was the first official confirmation that US forces ​had been targeted in an active war zone, Wyden and a bipartisan group of legislators said in a letter sent on ⁠Thursday to the Pentagon.

“Commercial location data can be used to identify where US troops congregate and their pattern of life, which can be exploited by adversaries ​to target attacks such as missiles, drones, and roadside bombs, as well as for counterintelligence purposes,” the letter warned.

Wyden said in a statement that it was ​time to “start treating the adtech industry as a national security threat.”

The Pentagon said in an email that it would respond directly to the lawmakers, but did not elaborate.

The lawmakers said in their letter that their efforts to obtain more information from military officials about the reported targeting had been unsuccessful.

Privacy concerns

Location data is widely used in digital ​advertising, which is a key source of revenue for many tech companies.

Such data is typically collected from smartphones or other devices by apps or ​service providers before being sold to data brokers who collate and resell the data, sometimes via complex networks of intermediaries.

Although the threat to privacy inherent in selling the details of ‌people’s day-to-day ⁠movements on the open market has long been a matter of public discussion, its potential as a national security risk has recently drawn concern as well.

As far back as 2016, one US defence contractor was able to leverage commercially available location data to track special operations forces from their bases in the United States to a sensitive staging post in Syria, according to an account first disclosed by the Wall Street Journal.

More recently, journalists at Wired and two German news outlets ​drew on billions of coordinates collected by ​a data broker to expose the granular ⁠comings and goings, opens new tab of people stationed at or around 11 US military and intelligence sites in Germany.

Two groups that represent digital advertisers, the Interactive Advertising Bureau and the Association of National Advertisers, did not return emails seeking comment.

The letter from ​US lawmakers to the Pentagon said that, given what military officials know about the trade in location data, ​they should have acted ⁠faster to protect their personnel, for example, by disabling the unique advertising ID attached to military-issued devices, automatically turning off location sharing on smartphones in the field, and steering staff away from Google’s Chrome web browser toward more privacy-focused alternatives.

One of the letter’s cosigners was US Representative Pat Harrigan, a North Carolina Republican who was formerly ⁠a US army ​special forces officer.

Harrigan said that browsers like Chrome “are built from the ground up to ​collect and share user data” and that every day they remain on government-issued devices “is another day we are handing our adversaries a weapon against our own troops.”

In a statement, Alphabet’s Google said that ​Chrome had “industry-leading security.”

The company added that it had “long advocated for stronger rules and safeguards against data brokers.”