A recent hack of law enforcement departments, as well as the Federal Bureau of Investigation (FBI), leaked 269GB of sensitive information to the public online. While cyberattacks have risen since people have begun working remotely, this attack was specifically targeted. Security researchers believe it may be because of current civil unrest. Sensitive information on people and legal cases was exposed and these leaks will continue to occur without proper security measures in place.
How Did the Leak Happen?
A group known as Distributed Denial of Secrets or “DDoSecrets” is dedicated to publishing secret data from leakers or hackers. They aim to provide a way for the public to access data but claim they are not involved in the exfiltration of data. They were able to obtain classified information from the web-development company, Netsential, which has law enforcement customers.
Security researcher Brian Krebs claimed that according to an internal document from the National Fusion Center Association, it is believed a threat actor took advantage of a compromised Netsential customer account and introduced malicious content through the web platform.
Over 200 police departments, fusion centers, and other law enforcement training and support resources had data leaked. Some of those affected include the Alabama Fusion Center, Iowa Law Enforcement Academy and the Nevada Cyber Exchange. All of these were mentioned on DDoSecrets’ Twitter account according to bakinfosecurity.com.
What Information Was Leaked?
The data that was leaked was posted on June 19 to DDoSecrets’ website. It included personally identifiable information and data involved with ongoing cases. The DDoSecrets claimed that ten years’ worth of data was leaked and a document from the National Fusion Center Association said the data ranges from August 1996 to June 20 of this month. Leaked information also includes:
Protection Plans for the Future
It is expected that these types of attacks will continue as the current events relating to politics and other areas of concern only develop further. The DDoSecrets exposed information through their Twitter page but the social media platform suspended the account, citing that they had rules against posting stolen data. Many government agencies use third-party vendors for data or digital services, and as a result, can’t monitor the security of these companies.
To prevent data leaks in any industry, companies need to have proper data protection for information that is either currently used or in need of long-term storage. The SecureDrive product line is hardware encrypted and FIPS 140-2 Level 3 Validated for total security. Users must authenticate by entering a PIN or wirelessly through a secure app. The devices have brute force anti-hacking to protect information from unauthorized parties and have storage capacities up to 8TB. To learn more about how these devices can protect sensitive data, call 1-800-875-3230.