US federal employee data leaked, claimed by hacker trio


A group of attackers claim to have breached Acuity, a tech consulting firm working with national and public safety authorities. Federal agents’ data and classified documents were allegedly leaked.

The alleged leak was posted on a popular data leak forum, which attackers use to buy, sell, or showcase stolen data. The attackers claim to have breached Acuity Inc., a US national security tech contractor.

“Today, I am releasing the documents belonging to the Five Eyes Intelligence Group. This data was obtained by breaching into Acuity Inc, a company that works directly with the US Government and its allies,” the attackers boasted.


Meanwhile, Acuity denies that any recent data was taken from its systems. According to the company's CEO Rui Garcia, Acuity "recently identified a cybersecurity incident related to GitHub repositories that housed dated and non-sensitive information." Garcia attributed the incident to a zero-day vulnerability, which he said the company mitigated in accordance with the vendor's guidance.

"After conducting our own analysis and following a third-party cybersecurity expert investigation, Acuity has seen no evidence of impact on any of our clients’ sensitive data. In addition to cooperating with law enforcement, Acuity takes the security of its customers’ data seriously and is implementing appropriate measures to secure its operations further," Garcia said.

Post announcing the leak. Image by Cybernews.

Acuity is a Virginia-based tech consulting firm offering “deep domain expertise” services to agencies that protect “the nation’s citizens, global reputation, and critical assets.”

The Cybernews research team investigated the data sample and concluded that, while it could contain some sensitive data, the scale of the leak is overblown. For example, the structure of the database from which the information was allegedly stolen suggests it could be test data.

"The dump itself is strange, as it has some formatting issues that would be incompatible with SQL – meaning it cannot be restored into a local database for easier analysis," our researchers said.

According to the team, the information in the data dump appears to be several years old, with the latest entries dating from 2016. The database contains 650 unique email addresses, including misspelled ones.
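The checks the researchers describe above (can the dump be restored, how many unique addresses does it hold, which look misspelled, how recent is the newest record, and does anything point to test data) are the routine first pass over any claimed dump. The script below is an added illustration of that triage and is not Cybernews' tooling or the leaked data: it runs over a small constructed sample shaped like a mysqldump INSERT statement, and the table name, names, addresses and dates in it are invented. Because one row is missing its trailing comma, exactly the sort of formatting defect that stops a SQL import, the rows are pulled out with a regular expression instead of being loaded into a database.

```python
"""Triage of a claimed database dump without loading it into SQL.

Added example. SAMPLE_DUMP is constructed for illustration; it is not
the leaked data and the addresses, names and table name are invented.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample shaped like a mysqldump INSERT. Row 4 lacks the
# trailing comma, so a real SQL engine would reject the whole statement.
SAMPLE_DUMP = """\
INSERT INTO `test_users` (`id`, `name`, `email`, `created_at`) VALUES
(1, 'Jane Doe', 'jane.doe@example.gov', '2015-03-11'),
(2, 'Jane Doe', 'JANE.DOE@example.gov', '2016-07-02'),
(3, 'Test User', 'test.user@exmaple.gov', '2014-01-09'),
(4, 'Bad Row', 'not-an-email', '2016-11-30')
(5, 'Sam Poe', 'sam.poe@example.gov', '2012-05-05');
"""

# One value tuple: (id, 'name', 'email', 'YYYY-MM-DD')
ROW_RE = re.compile(
    r"\(\s*(\d+),\s*'([^']*)',\s*'([^']*)',\s*'(\d{4}-\d{2}-\d{2})'\s*\)"
)
# Deliberately loose: we only want to separate obvious garbage from
# things that at least look like addresses.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.IGNORECASE)
TABLE_RE = re.compile(r"INSERT INTO\s+`?(\w+)`?", re.IGNORECASE)
TEST_HINT_RE = re.compile(r"test|dummy|sample|staging", re.IGNORECASE)
# Two value tuples separated only by whitespace: the comma between
# them is missing, so the statement will not load as written.
MISSING_COMMA_RE = re.compile(r"\)\s*\n\s*\(")


def extract_rows(dump: str) -> List[Tuple[int, str, str, str]]:
    """Recover rows with a regex so broken SQL syntax does not block analysis."""
    return [(int(i), n, e, d) for i, n, e, d in ROW_RE.findall(dump)]


def triage(dump: str) -> Dict[str, object]:
    """Summarise what a dump contains before deciding whether it is credible."""
    rows = extract_rows(dump)
    emails = [r[2].lower() for r in rows]          # case-fold before deduplicating
    valid = [e for e in emails if EMAIL_RE.match(e)]
    domains = Counter(e.split("@", 1)[1] for e in valid)

    match = TABLE_RE.search(dump)
    table_name = match.group(1) if match else ""
    indicators = {r[1] for r in rows if TEST_HINT_RE.search(r[1])}
    if TEST_HINT_RE.search(table_name):
        indicators.add(table_name)

    return {
        "row_count": len(rows),
        "unique_emails": len(set(valid)),
        "malformed_emails": sorted(e for e in emails if not EMAIL_RE.match(e)),
        # A domain seen exactly once among many is a likely typo (exmaple.gov).
        "singleton_domains": sorted(d for d, c in domains.items() if c == 1),
        # ISO dates sort lexically, so max() gives the newest record.
        "latest_entry": max((r[3] for r in rows), default=None),
        "sql_loadable": MISSING_COMMA_RE.search(dump) is None,
        "test_data_indicators": sorted(indicators),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DUMP).items():
        print(f"{key}: {value}")
```

On the constructed sample this reports five rows but only three unique addresses, one malformed value, one singleton domain that is a plausible typo, a newest record in 2016, a statement that cannot be loaded as SQL, and both the table name and one record name hinting at test data. None of that proves or disproves a breach on its own; it is the evidence you weigh before taking a forum post's headline figures at face value.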

Who's behind the supposed breach?


The breach was allegedly carried out by a trio of attackers, one of whom, IntelBroker, is known to have hit high-profile organizations in the past, including General Electric, T-Mobile, DC Health Link, the US Citizenship and Immigration Services (USCIS), and Facebook Marketplace.

The Acuity post on the data leak forum claims that the stolen material spans a wide array of information, from details on employees of the FBI, the State Department, the Department of Justice, and the Department of Homeland Security to classified information exchanged between the US and its allies.

Notably, the leak supposedly includes documents shared between the US and members of the Five Eyes, an anglosphere intelligence alliance consisting of the US, UK, Canada, Australia, and New Zealand.

A data sample that attackers attached to the post supposedly includes memos that resemble the communication format embassies use. Other alleged documents discuss various operations and state-supported programs.

However, due to the supposed sensitivity of the documents, there’s no way to verify whether the information is legitimate.

Meanwhile, the federal employee details in the sample include full names, email addresses, office numbers, and phone numbers. We could match some of the names and email addresses in the data sample with those of existing US government employees, yet the post's authors could have uploaded publicly available information.