I don't see how it's Strava's fault. Surely if it's sensitive information then it's the military personnel who are at fault for uploading the data to a public website.
eh maybe send a newsletter to everyone registered to the service announcing it, then if people have complaints like "Hey I totally forgot I should have not done this..." / valid reason they can email and you can take their device id out of the megadump?
