Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Non-Sensitive Info

Acuity, the tech firm from which hackers claimed to have stolen State Department and other government data, confirms hack, but says stolen info is old.

Government data leak

Acuity, the tech firm from which hackers claim to have stolen data belonging to the US Department of State and other government agencies, has confirmed experiencing a cybersecurity incident, but says the compromised data is not sensitive.

A well-known hacker named IntelBroker announced this week on a cybercrime forum the release of documents belonging to “the Five Eyes Intelligence Group”. The cybercriminal said the data comes from Acuity and it includes names, emails, phone numbers, email addresses and other information, as well as what he claims to be “classified communications and information”. 

A database file made available by IntelBroker includes roughly 3,000 personal information records. A majority of the email addresses are associated with the State Department, but some belong to the Justice Department, the FBI, and the DHS.

Through a separate link, the hacker has shared an additional 2.5 Gb of files allegedly stolen from Acuity. 

According to its website, Acuity is a technology consulting firm that “offers deep domain expertise to federal agencies whose missions center on serving and protecting the nation’s citizens, global reputation, and critical assets”.

When the news broke, the State Department said it had launched an investigation into the claims. 

In an emailed statement on Thursday, Acuity CEO Rui Garcia confirmed that some data has been compromised, but said it’s not sensitive.

“Acuity recently identified a cybersecurity incident related to GitHub repositories that housed dated and non-sensitive information. Immediately upon becoming aware of this zero-day vulnerability, Acuity applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance,” Garcia told SecurityWeek

“After conducting our own analysis and following a third-party cybersecurity expert investigation, Acuity has seen no evidence of impact on any of our clients’ sensitive data. In addition to cooperating with law enforcement, Acuity takes the security of its customers’ data seriously and is implementing appropriate measures to secure its operations further,” Garcia added.

Advertisement. Scroll to continue reading.

An analysis of the leaked data indeed suggests that a vast majority of it comes from GitHub repositories as it includes many source code files and testing- and development-related content.

IntelBroker has been making claims about obtaining US government data for more than a year. In several cases, the data has been confirmed to originate from third-party service providers. In some instances, he claimed the data was obtained directly from government systems, but some of those claims seemed false or exaggerated. 

The hacker first mentioned targeting Acuity in early March, after he offered to sell data allegedly belonging to Immigration and Customs Enforcement (ICE) and United States Citizenship and Immigration Services (USCIS).

*headline updated to clarify that compromised data was non-sensitive

Related: Ex-Employee’s Admin Credentials Used in US Gov Agency Hack

Related: Zimbra Zero-Day Exploited to Hack Government Emails

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.