Categories: SecurityWorkspace

US Police Forces Hit By Huge Data Breach

Police forces across the US have been targeted by a massive leak of 270 gigabytes of data, released amidst protests against police brutality and racism.

In releasing the data, activist group Distributed Denial of Secrets (DDoSecrets) said the “BlueLeaks” archive indexes data from “over 200 police departments, fusion centres and other law enforcement training and support resources”.

The documents include “police and FBI reports, bulletins, guides and more”, the group said on Twitter.

Fusion centres are state-operated entities that gather and exchange law enforcement data at the state, local and federal level.

Data exchange

DDoS is not a hacking group but, like Wikileaks, aims to make leaked information publicly available.

The data appears to derive from a hack on a Houston-based web design and hosting company that maintains a number of state law enforcement data-sharing portals, according to officials.

The National Fusion Center Association (NFCA) said in an internal alert published on Saturday that the published documents include personal information on individuals in law enforcement, such as names, email addresses and phone numbers.

The data also includes “highly sensitive information” such as ACH routing numbers, international bank account numbers (IBANs) and other financial data, and data and images pertaining to suspects listed in law enforcement and government agency reports, the NFCA said in its notice, excerpts of which were published by KrebsOnSecurity.

The documents in the leak date back to 1996 and extend up to 19 June, 2020, the NFCA said.

Data breach

It said Netsential had confirmed it was the source of the leak.

“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data,” the NFCA stated in the alert.

The group said nation-states, activists and cyber-criminals are likely to seek to exploit the exposed data to target fusion centres, law enforcement agencies and their personnel with cyber-attacks.

The data was released on 19 June, known as “Juneteenth”, which comemmorates the end of slavery in the US.

The date received particular attention this year in the aftermath of the killing of George Floyd, which prompted weeks of protests for police reform across the US and beyond.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ireland Shuts Down Health IT System After Ransomware Attack

The health service in Ireland has suffered a 'significant ransomware attack' and has shut down…

17 mins ago

Price For Microsoft Surface Duo Slashed In US

Another Microsoft phone failure? Seven months after Redmond's dual screen smartphone device went on sale,…

56 mins ago

NHS Covid-19 App Saved Up To 8,700 Lives, Says Research Paper

NHS contact tracing app used in England and Wales during Coronavirus pandemic saved thousands of…

17 hours ago

Google Cloud, SpaceX Sign Deal For Enterprise Cloud Services

Elon Musk's SpaceX is to deliver Google Cloud services to enterprises at the 'network edge',…

19 hours ago

Google Fined 100 Million Euros By Italian Antitrust Regulator

Stiff penalty imposed by Italian watchdog over Google's alleged decision to restrict access of one…

19 hours ago

Colonial Pipeline Posted Security Job Before Ransomware Attack

Posting for security manager job at Colonial Pipeline was made weeks before devastating ransomware attack…

21 hours ago