Acuity, the tech firm from which hackers claim to have stolen data belonging to the US Department of State and other government agencies, has confirmed experiencing a cybersecurity incident, but says the compromised data is not sensitive.
A well-known hacker named IntelBroker announced this week on a cybercrime forum the release of documents belonging to “the Five Eyes Intelligence Group”. The cybercriminal said the data comes from Acuity and it includes names, emails, phone numbers, email addresses and other information, as well as what he claims to be “classified communications and information”.
A database file made available by IntelBroker includes roughly 3,000 personal information records. A majority of the email addresses are associated with the State Department, but some belong to the Justice Department, the FBI, and the DHS.
Through a separate link, the hacker has shared an additional 2.5 Gb of files allegedly stolen from Acuity.
According to its website, Acuity is a technology consulting firm that “offers deep domain expertise to federal agencies whose missions center on serving and protecting the nation’s citizens, global reputation, and critical assets”.
When the news broke, the State Department said it had launched an investigation into the claims.
In an emailed statement on Thursday, Acuity CEO Rui Garcia confirmed that some data has been compromised, but said it’s not sensitive.
“Acuity recently identified a cybersecurity incident related to GitHub repositories that housed dated and non-sensitive information. Immediately upon becoming aware of this zero-day vulnerability, Acuity applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance,” Garcia told SecurityWeek.
“After conducting our own analysis and following a third-party cybersecurity expert investigation, Acuity has seen no evidence of impact on any of our clients’ sensitive data. In addition to cooperating with law enforcement, Acuity takes the security of its customers’ data seriously and is implementing appropriate measures to secure its operations further,” Garcia added.
An analysis of the leaked data indeed suggests that a vast majority of it comes from GitHub repositories as it includes many source code files and testing- and development-related content.
IntelBroker has been making claims about obtaining US government data for more than a year. In several cases, the data has been confirmed to originate from third-party service providers. In some instances, he claimed the data was obtained directly from government systems, but some of those claims seemed false or exaggerated.
The hacker first mentioned targeting Acuity in early March, after he offered to sell data allegedly belonging to Immigration and Customs Enforcement (ICE) and United States Citizenship and Immigration Services (USCIS).
*headline updated to clarify that compromised data was non-sensitive
Related: Ex-Employee’s Admin Credentials Used in US Gov Agency Hack
Related: Zimbra Zero-Day Exploited to Hack Government Emails