The United States Department of Justice has launched an investigation after a group of pro-Palestine hackers leaked what appear to be the details of nearly 30,000 employees of the Department of Homeland Security (DHS) and the Federal Bureau of Investigations (FBI).
The attackers first leaked the records of roughly 9,000 DHS employees and later published a document containing information on more than 20,000 FBI employees. The records consist of names, email addresses, phone numbers and job titles.
Vice’s Motherboard, the website that broke the news, called some of the individuals whose details have been leaked and confirmed that at least some of the information is accurate.
The attackers claimed to have obtained the information after compromising the email account of a Department of Justice employee. The leaked details were allegedly obtained from a database hosted on a DoJ intranet.
The hackers claimed to have gained access to a total of 1TB of data, but only downloaded 200GB of files. They said they also obtained military emails and payment card data, but provided no proof to support their claims.
“The department is looking into the unauthorized access of a system operated by one of its components containing employee contact information. This unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information,” Peter Carr, Department of Justice spokesman, told SecurityWeek in an emailed statement.
“The department takes this very seriously and is continuing to deploy protection and defensive measures to safeguard information. Any activity that is determined to be criminal in nature will be referred to law enforcement for investigation,” Carr added.
Most of the leaked information does not seem to be publicly available online, but that does not necessarily mean the attackers actually gained access to sensitive DoJ systems. Hackers whose goal is to attract attention — whether it’s for a cause or simply to boost their reputation — are known to get creative when leaking “sensitive” information.
Last week, hackers published the details of NASA employees and other information they claimed to have obtained after breaching the space agency’s systems. NASA investigated the claims and determined that the leaked information was publicly available through its open data websites.
On the other hand, hackers gaining access to the email accounts of U.S. government employees, including high-ranked officials, is not unheard of. Last year, someone breached the private AOL account of CIA chief John Brennan and released some documents.