Source: www.databreachtoday.com – Author: 1
Government
,
Incident & Breach Response
,
Industry Specific
Hacker Claims to Leak Trove of Records Belonging to Environmental Protection Agency
Chris Riotta (@chrisriotta) •
April 8, 2024
The U.S. Environmental Protection Agency is investigating claims that a notorious government hacker leaked a trove of contact information from the agency’s database of critical infrastructure contractors.
See Also: Cybersecurity in Public Sector: 5 Insights You Need to Know
The threat actor known as USDoD released what he said is 500 megabytes of contact information and other data from the EPA’s database on a publicly accessible hacking forum Sunday. Information Security Media Group confirmed that the post remained published on the forum as of Monday afternoon and featured zipped files claiming to include everything from full names and email addresses to information about physical addresses for agency contractors.
“Hello Breachforums, this is your favorite TA and today I’m proud to say that I’m releasing epa.gov database of contact list,” the post read. “This is their entire contact of [critical infrastructure] not only for the USA but for the entire globe.”
An agency spokesperson said the agency conducted a “preliminary analysis” of the allegedly leaked data, finding that the records appear to contain business contact information already available to the public “to provide a comprehensive picture of environmental impacts.”
The post in question claimed to include the entirety of the EPA’s global critical infrastructure contact list, with more than 15 million records potentially associated with an estimated 8.5 million users, according to an analysis conducted by Hackread.com.
Hacking experts and security analysts have suggested that the leaked records appear legitimate, although the EPA has not confirmed their authenticity. The threat actor behind the latest alleged leak has previously targeted U.S. military and defense contractors and in 2022 obtained names and email addresses of members of InfraGard, a FBI public-private cybersecurity forum InfraGard.
While the alleged leak does not appear to contain passwords to critical infrastructure systems, the exposure could make listed individuals and organizations vulnerable to phishing, according to analysts. The EPA has meanwhile been warning critical infrastructure owners and operators about the recent threats posed by state-sponsored threat actors to water and wastewater systems nationwide (see: New Guidance Urges US Water Sector to Boost Cyber Resilience).
Original Post url: https://www.databreachtoday.com/us-epa-investigates-alleged-data-breach-by-government-hacker-a-24806
Category & Tags: –
