Nearly 270 gigabytes containing sensitive information of police departments and fusion centers across the United States were published online.
Nearly 270 gigabytes containing sensitive information of police departments and fusion centers across the United States were published online.
The dubbed file “BlueLeaks,” has been published by Distributed Denial of Secrets (DDoSecrets). DDoSecrets describes itself as a “transparency collective,” and claims that it received the BlueLeaks data “courtesy of Anonymous,” the infamous activist group.
The leak was confirmed by the National Fusion Center Association (NFCA) on June 20. The data in the file leak span from August 1996 to June 19, 2020, that is nearly 24 years, belong to more than 200 police departments and law enforcement fusion centers from across the US.
The data included names, email addresses, phone numbers, PDF documents, images and a large number of text, video, CSV and ZIP files.
A partial screenshot of BlueLeaks data cache; image courtesy KrebsonSecurity
Fusion centers are state-owned and operated centers that operate as focal points to gather and transmit law enforcement and public safety information between state, local, tribal and territorial, federal and private sector partners. The fusion centers represent a shared commitment between the federal government and the state and local governments who own and operate them.
KrebsonSecurity reported that the National Fusion Center Association (NFCA), the central association representing all fusion centers across the US, confirmed the authenticity of the data leak.
“Additionally, the data dump contains emails and associated attachments,” the alert reads. “Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs)and other law enforcement and government agency reports.”
The NFCA said, it appears the data published by BlueLeaks was labelled after “Netsential.com Inc”, a Houston-based web development firm.
“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement and other government agencies across the United States, was the source of the compromise,” the NFCA wrote. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: Private Zoom Video Recordings Exposed Online