By Sarah Calams
WASHINGTON — A hacktivist group leaked nearly 270 gigabytes of files from over 200 U.S. police departments last week.
The collection of files, dubbed “BlueLeaks,” include police and FBI reports, including information regarding COVID-19 and the protests following George Floyd’s death. The data included alerts about police safety and intelligence on the protests, specifically detailing “tactics used to injure law enforcement” in New Jersey, Forbes reported.
In a Twitter post, Distributed Denial of Secrets (DDoSecrets) said the “BlueLeaks” archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources.” The post also confirmed that hundreds of thousands of documents are “police and FBI reports, bulletins, guides and more.”
The data, according to Forbes, leaked after a security breach at Netsential, a Houston-based web development firm that handles websites for several police agencies.
The National Fusion Center Association (NFCA), which represents the interests of state and major urban area fusion centers, confirmed the validity of the leaked information.
“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” NFCA officials said. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”
Furthermore, NFCA claims the leaked files span nearly 24 years – from August 1996 to June 19, 2020. The documents, according to NFCA, include names, email addresses, phone numbers, images, text, video, CSV and ZIP files, and PDF documents.
“Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers, and other financial data as well as personally identifiable information and images of suspects listed in Requests for Information and other law enforcement and government agency reports,” NFCA officials said.
Netsential has not commented on the breach.