The Army sent out the Military Accessions Vital to the National Interest (MAVNI) recruit data “at least” three times between July 2017 and January 2018. Chinese recruits have already used the list to support their asylum claims, warning that they might face retaliation if they’re sent back to their country of origin. Some recruits have been waiting long enough for acceptance into the program that their visas have expired, and they may have to claim refugee status using the data mistake as part of their justification.

The Army hasn’t commented on the mistake. However, it underscores ongoing data privacy problems in the US military, including the exposure of military contractor files and a Pentagon breach affecting as many as 30,000 workers. As much as officials have done to improve security, there are still gaps — and it can be hard to completely prevent people from accidentally sharing data.