23 June 2020

Sensitive data from 200 US police departments & fusion centers exposed in BlueLeaks data dump



A hacktivist group called Distributed Denial of Secrets (DDoSecrets) has leaked online a trove of sensitive data belonging to more than 200 police departments, law enforcement training and support resources, and fusion centers (state-owned entities that gather public safety data) across the US.

DDoSecrets is a WikiLeaks-style organization that describes itself as a “transparency collective” whose goal is the “free transmission of data in the public interest.”

The 269 GB data dump, dubbed “BlueLeaks”, has been published on a searchable portal. According to the BlueLeaks portal, the leaked data contains more than one million files, such as scanned documents, videos, emails, audio files, and more.

In a message on Twitter, DDoSecrets said that the BlueLeaks data dump comprises “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”

According to security blogger Brian Krebs, who first broke the news, the National Fusion Center Association (NFCA) has confirmed the validity of the compromised data.

The NFCA findings indicate that, based on the dates of the leaked files, the BlueLeaks dump covers nearly 24 years, from August 1996 through June 19, 2020. Furthermore, the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files, as well as emails and associated attachments.

“Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports,” the NFCA said.

According to the NFCA, the source of the leak is a data breach at Netsential, a web development company based in Texas that provides web services to many US law enforcement agencies and fusion centers.

“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” the NFCA wrote in its internal report. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”
