Hundreds of thousands of highly sensitive files from police departments across the world were leaked online last week. The collection, dubbed “BlueLeaks”, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.
- Hundreds of thousands of highly sensitive files from police departments across the world were leaked online last week
- Called BlueLeaks, the collection is nearly 270 gigabytes in total
- The information was leaked by DDoSecrets, that publishes caches of previously secret data
- The data published by BlueLeaks was taken after a security breach at Netsential, a Houston-based web development firm
- Ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources were leaked
- Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more
- The dates of the files in the leak actually span nearly 24 years — from August 1996 through June 19, 2020
- The documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files
- Some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data
- The data also includes personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) reports
The collection — nearly 270 gigabytes in total — is the latest release from DDoSecrets (Distributed Denial of Secrets), an alternative to Wikileaks that publishes caches of previously secret data.
In a post on Twitter, DDoSecrets said the BlueLeaks archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”
Fusion centers are state-owned and operated entities that gather and disseminate law enforcement and public safety information between state, local, tribal and territorial, federal and private sector partners.
KrebsOnSecurity obtained an internal June 20 analysis by the National Fusion Center Association (NFCA), which confirmed the validity of the leaked data. The NFCA alert noted that the dates of the files in the leak actually span nearly 24 years — from August 1996 through June 19, 2020 — and that the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.
“Additionally, the data dump contains emails and associated attachments,” the alert reads. “Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.”
The NFCA said it appears the data published by BlueLeaks was taken after a security breach at Netsential, a Houston-based web development firm.
“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” the NFCA wrote. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”
The NFCA said a variety of cyber threat actors, including nation-states, hacktivists, and financially-motivated cybercriminals, might seek to exploit the data exposed in this breach to target fusion centers and associated agencies and their personnel in various cyber attacks and campaigns.
Send in your tips and submissions by filling out this form or write to us directly at the email provided. Join us on WhatsApp for more intel and updates.
GreatGameIndia is a journal on Geopolitics and International Relations. Get to know the Geopolitical threats India is facing in our exclusive book India in Cognitive Dissonance. Past magazine issues can be accessed from the Archives section.