US EPA Investigates Alleged Data Breach by Government Hacker
The U.S. Environmental Protection Agency is investigating claims that a notorious government hacker leaked a trove of contact information from the agency's database of critical infrastructure contractors.
The threat actor known as USDoD released what he said is 500 megabytes of contact information and other data from the EPA's database on a publicly accessible hacking forum Sunday. Information Security Media Group confirmed that the post remained published on the forum as of Monday afternoon and featured zipped files claiming to include everything from full names and email addresses to information about physical addresses for agency contractors.
“Hello Breachforums, this is your favorite TA and today I’m proud to say that I’m releasing epa.gov database of contact list," the post read. "This is their entire contact of [critical infrastructure] not only for the USA but for the entire globe." An agency spokesperson said the agency conducted a "preliminary analysis" of the allegedly leaked data, finding that the records appear to contain business contact information already available to the public "to provide a comprehensive picture of environmental impacts."