Hackers posted personal information on FBI, Secret Service and other federal employees as well as police officers nicked from three websites associated with the FBI National Academy (FBINAA).
“We believe we have identified the three affected Chapters that have been hacked and they are currently working on checking the breach with their data security authorities,” the group said in a statement, which stressed that its national database server provider has said the FBINAA national database is secure.
In each of the three instances, FBINAA said, “a third-party software was being used by the affected Chapters, however it is still too early to determine if this impacted the breach.”
Information exposed included emails, phone numbers, employers’ names and home addresses of FBINNA alumni.
“If it is determined that there has been felonious activity, we well prosecute the culprits to the fullest extent of the law,” the organization said.
While “revealing any type of information regarding FBI agents can have dangerous outcomes,” said Lisa Baergen, vice president of marketing for NuData Security, “in this particular case, with email addresses and names revealed, other agents can be targeted by phishing campaigns to steal their credentials or inject malware that could lead to access into the FBI’s network.”
The stolen information can also be sold to others “who can build a complete profile on the victims,” said Baergen. “This is a good reminder that government agencies need to harden access to valuable data and secure their supply chain as well as employ the latest technologies to correctly verify users that access their network based on their behavior and not on their credentials only.”