US Police Forces Hit By Huge Data Breach
Activist hackers release 24 years’ worth of data from hundreds of police forces in move timed to coincide with protests against police brutality and racism
Police forces across the US have been targeted by a massive leak of 270 gigabytes of data, released amidst protests against police brutality and racism.
In releasing the data, activist group Distributed Denial of Secrets (DDoSecrets) said the “BlueLeaks” archive indexes data from “over 200 police departments, fusion centres and other law enforcement training and support resources”.
The documents include “police and FBI reports, bulletins, guides and more”, the group said on Twitter.
Fusion centres are state-operated entities that gather and exchange law enforcement data at the state, local and federal level.
Data exchange
DDoS is not a hacking group but, like Wikileaks, aims to make leaked information publicly available.
The data appears to derive from a hack on a Houston-based web design and hosting company that maintains a number of state law enforcement data-sharing portals, according to officials.
The National Fusion Center Association (NFCA) said in an internal alert published on Saturday that the published documents include personal information on individuals in law enforcement, such as names, email addresses and phone numbers.
The data also includes “highly sensitive information” such as ACH routing numbers, international bank account numbers (IBANs) and other financial data, and data and images pertaining to suspects listed in law enforcement and government agency reports, the NFCA said in its notice, excerpts of which were published by KrebsOnSecurity.
The documents in the leak date back to 1996 and extend up to 19 June, 2020, the NFCA said.
Data breach
It said Netsential had confirmed it was the source of the leak.
“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data,” the NFCA stated in the alert.
The group said nation-states, activists and cyber-criminals are likely to seek to exploit the exposed data to target fusion centres, law enforcement agencies and their personnel with cyber-attacks.
The data was released on 19 June, known as “Juneteenth”, which comemmorates the end of slavery in the US.
The date received particular attention this year in the aftermath of the killing of George Floyd, which prompted weeks of protests for police reform across the US and beyond.