Categories: SecurityWorkspace

US Police Forces Hit By Huge Data Breach

Police forces across the US have been targeted by a massive leak of 270 gigabytes of data, released amidst protests against police brutality and racism.

In releasing the data, activist group Distributed Denial of Secrets (DDoSecrets) said the “BlueLeaks” archive indexes data from “over 200 police departments, fusion centres and other law enforcement training and support resources”.

The documents include “police and FBI reports, bulletins, guides and more”, the group said on Twitter.

Fusion centres are state-operated entities that gather and exchange law enforcement data at the state, local and federal level.

Data exchange

DDoS is not a hacking group but, like Wikileaks, aims to make leaked information publicly available.

The data appears to derive from a hack on a Houston-based web design and hosting company that maintains a number of state law enforcement data-sharing portals, according to officials.

The National Fusion Center Association (NFCA) said in an internal alert published on Saturday that the published documents include personal information on individuals in law enforcement, such as names, email addresses and phone numbers.

The data also includes “highly sensitive information” such as ACH routing numbers, international bank account numbers (IBANs) and other financial data, and data and images pertaining to suspects listed in law enforcement and government agency reports, the NFCA said in its notice, excerpts of which were published by KrebsOnSecurity.

The documents in the leak date back to 1996 and extend up to 19 June, 2020, the NFCA said.

Data breach

It said Netsential had confirmed it was the source of the leak.

“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data,” the NFCA stated in the alert.

The group said nation-states, activists and cyber-criminals are likely to seek to exploit the exposed data to target fusion centres, law enforcement agencies and their personnel with cyber-attacks.

The data was released on 19 June, known as “Juneteenth”, which comemmorates the end of slavery in the US.

The date received particular attention this year in the aftermath of the killing of George Floyd, which prompted weeks of protests for police reform across the US and beyond.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

NHS Covid-19 Tracing App For England, Wales, Nears Launch

Date for limited rollout of delayed NHS track and trace app for England and Wales…

2 days ago

Coronavirus: Facebook Staff To Work From Home Until July 2021

Facebook follows Google lead by extending right of staffers to work from home until July…

2 days ago

Canon Suffers Ransomware Attack, With 10TB Of Data Stolen – Report

Report suggests Canon has been crippled with a ransomware attack with allegedly 10TB of data,…

3 days ago

Uber Expands UK Reach With Autocab Buy

Amid consolidation in the taxi sector caused by Coronavirus lockdown, Uber purchases British rival Autocab…

3 days ago

TikTok Selects Ireland For First European Data Centre

Ireland to get another data centre after the Chinese-owned short video app TikTok announces first…

3 days ago