US Environmental Protection Agency hack exposes data of 8.5 million users

The US federal agency responsible for environmental protection, the Environmental Protection Agency (EPA), has allegedly suffered a data breach affecting over 8.5 million users.

The breach, which has reportedly exposed personal and sensitive information belonging to EPA customers and contractors, was claimed on Sunday by a hacker operating under the alias USDoD.

“Hello Breachforums, this is your favorite TA and today I’m proud to say that I’m releasing epa.gov database of contact list. This is their entire contact of Critical Infra not only for the USA but for the entire globe,” USDoD posted on the dark web.

Several outlets have independently examined the leaked data, corroborated USDoD’s claims, and published the details of their own analysis. The EPA has not yet confirmed the breach.

Breached data include personal user data

An analysis of the leaked database by Hackread.com found that it consisted of three zipped archives holding 500MB of data, all in CSV format. The files are named Contact (3,726,130 records), Inter_Contact (9,952,374 records), and Staff (3,325,973 records).

While “Zipcodes,” “Full names,” “Phone numbers,” “Email addresses,” and “County, City, States” were fields common to all three files, the Contact file had additional fields such as “Fax numbers” and “Mailing addresses.” The Inter_Contact file had extra “Email domains” and “Company name and address” fields, whereas the additional details in the Staff file included “Business Addresses,” “Company names,” and “Related industries.”

After duplicate records were filtered out, the total number of breached accounts came to nearly 8.5 million (specifically 8,460,182).

USDoD is a repeat federal offender

This isn’t the first time USDoD has broken into a federal system. Previously known as “NetSec” on RaidForums, USDoD gained notoriety with the “#RaidAgainstTheUS” campaign targeting the US Army and defense contractors.

In December 2022, USDoD posted hacked data from InfraGard, a partnership between the FBI and private-sector firms, consisting of personal details on 87,000 InfraGard members. A subsequent breach involved the leak of data on 3,200 Airbus vendors, which USDoD obtained using the compromised credentials of a Turkish Airlines employee.

“USDoD’s hacking approach heavily relies on social engineering, particularly impersonation. [The hacker] often gains access to high-profile entities by impersonating key individuals,” according to USDoD’s official X account bio.

SOCRadar has identified USDoD as a man in his mid-30s with roots in South America. Earlier reports from February 2022, according to SOCRadar, had portrayed him as a pro-Russian threat actor, a characterization he later denied, saying his association with Russia was strictly business and non-political.

USDoD maintains a dedicated Telegram channel, SparrowCorp, to update followers on recent hacks and share links for sales of the leaked data. On April 7, he made two posts about the EPA breach. “I got access to a US federal jurisdiction data that will make InfraGard look like an amateur job,” the hacker posted, adding about 12 hours later, “Good evening, Community. Epa gov database have been shared with a total of 15M rows.”
