A hacking group has publicly released the personal information of hundreds of U.S. federal government officials, including employees of the Department of Homeland Security (DHS), the FBI, and the Department of Justice (DOJ), according to 404 Media. The data, which includes names, phone numbers, and apparent residential addresses, was posted on Thursday in a Telegram channel.
Details of the data leak
The group, calling itself “Scattered LAPSUS$ Hunters,” published multiple spreadsheets containing the sensitive data. One file listed the information of 680 DHS officials, another contained over 170 FBI email addresses and their owners, and a third detailed the personal information of more than 190 DOJ officials.
The data was partially corroborated by the original reporting outlet, 404 Media, which used information from the cybersecurity company District 4 Labs to confirm that many of the details corresponded to actual government employees. The source of the data remains unclear; it could have been compiled from previous breaches or obtained through a new, government-specific intrusion.
Alongside the data dump, the hackers posted several taunting messages. One message, “I want my MONEY MEXICO,” referenced a recent, unevidenced claim by the DHS that Mexican cartels were offering to pay for the doxing of federal agents. Another message read, “Mexican Cartels hmu [hit me up] we dropping all the doxes wheres my 1m [1 million].” The group also threatened to release data on IRS officials next.
Who are the Scattered LAPSUS$ Hunters?
Scattered LAPSUS$ Hunters is a name that amalgamates several well-known hacking entities that emerged from a loose-knit online community known as “the Com.” This community has been linked to other high-profile groups, including Scattered Spider, responsible for the ransomware attack on MGM Resorts, and LAPSUS$, which targeted major gaming companies. This latest iteration recently gained attention for threatening to publish data related to customers of Salesforce.
The incident occurs as the DHS has stated that its officers are facing a significant increase in physical threats and online doxing. This is not the first mass doxing of federal employees; in 2016, a group called Crackas With Attitude posted the personal information of approximately 20,000 FBI agents and 9,000 DHS officials.
The DHS, FBI, and Department of Justice did not respond to requests for comment on the latest breach.
