Personal information on nearly 30,000 government employees, including members of the Federal Bureau of Investigation, may have been released on the Web.
Using a compromised Department of Justice email account, a hacker claims to have gained access to the department's intranet. The hacker then allegedly downloaded the personal information of more than 20,000 FBI employees and roughly 9,000 Department of Homeland Security employees.
The hacker published the supposed information on an encrypted text-sharing site, including names, titles and contact details. At least some of the information appears to be real. The hacker, who uses a handle with a rude word (see for yourself should you be so inclined), dumped the first round of data and linked to it in a tweet, along with a pro-Palestinian hashtag, Sunday. The hacker followed up with the alleged FBI employee information on Monday. It's unclear how much of the hacked information may have been publicly available.
A Justice Department spokesman said the information doesn't appear to include any sensitive personal details, though it is looking into unauthorized access of one of its systems. A DHS spokesman said it's looking into the alleged disclosure of employee contact information. An FBI spokesman didn't respond to a request for comment.
The alleged digital break-in comes amid growing concern that hackers can get at our most sensitive information online, regardless of how well it's supposedly stored. Government agencies, health care companies and private industry have all been compromised.
In July, more than 22 million people were affected by cyberattacks on the US government's personnel office. That follows a string of attacks against government targets including a hack of the CIA's public website, the interception of White House emails and the breach of a military Twitter account. "No system is completely impenetrable," said Thomas Ristenpart, professor at Cornell Tech and a member of its security group. "It only takes one hole for an attacker to get in."