The EPA has disclosed that the recent data leak by threat actor USDoD appears to include “business contact information already available to the public.” It is unclear if this statement refers to only a portion of the data, or all of it. They said the information was previously released to provide the public “a comprehensive picture of environmental impacts.” No further details regarding the exposed information were provided by the EPA amid ongoing investigation. However, the data, which allegedly impacts 8.5 million people, is legitimate information as revealed through examination. For more information, see SC Media or Cybernews.
April 9, 2024
The EPA is reportedly in the midst of a suspected security breach as of Sunday morning, April 7. The attacker, operating under the alias “USDoD,” has allegedly leaked the data of 8.5 million users purporting to include both customers and contractors. Analysis conducted by Hackread.com indicates that the data presented by USDoD appears legitimate, but conclusive verification can only come from the EPA who is still investigating the data breach claims as of this morning.
According to the review, the data contains: zip codes, full names, fax numbers, phone numbers, email addresses, mailing addresses, email domains, job titles, company name and address, and country, city, and state information. Fortunately, the breach lacked password information, though it still poses serious risk of targeted campaigns and opens doors for state-sponsored cyber espionage.
Who is USDoD?
A repeat federal offender, USDoD is responsible for multiple breaches against federal agencies. Exploits have included InfraGard, a sensitive security program funded by the FBI and dedicated to safeguarding U.S. critical infrastructure, where 87,000 members had data exposed, and a subsequent campaign where 3,200 Airbus vendors had data compromised. USDoD, previously known as “NetSec” on RaidForums, has gained notoriety after its “#RaidAgainstTheUS” campaign which targeted the U.S. Army and Defense contractors.
This incident highlights how threat actors like USDoD are continuing to target critical infrastructure at an increasing rate and underscores the water sector’s need to secure itself against these types of threats. For more information about the recent data breach, see Hackread, and to learn more about the hacker USDoD, access CSO Online.