US authorities have downplayed a Department of Justice (DoJ) data breach, saying no sensitive data was exposed.
On the weekend of 6-7 February 2016, a hacker or hacker group using the Twitter handle @DotGovs claimed to have downloaded the details of thousands of FBI and Department of Homeland Security (DHS) employees from a DoJ database.
Subsequently, DotGovs posted links to what it claimed was a directory of more than 9,000 DHS employees and a directory of more than 22,000 FBI employees.
The FBI list included the names, job titles, phone numbers and email addresses of nearly 1,300 intelligence analysts and almost 1,800 special agents, reported Business Insider.
Security commentators pointed out, however, that the information was not sensitive and could have been collected from a variety of public online sources.
Independent security consultant Graham Cluley said although the data was not sensitive, it could be used by cyber criminals and state-sponsored hackers to target employees.
“Much more needs to be done to instil proper security practices and prevent such incidents from occurring again,” he wrote in a blog post.
This includes educating employees not to put themselves at risk through the information they willingly share online on social media such as LinkedIn.
Cluley said a search for “Department of Homeland Security” on LinkedIn yielded more than 21,000 results, proving that it may not be necessary to break into an organisation’s network to find out employee information.
The breach also appeared to have been socially or politically motivated, rather than as some other form of criminal activity, with some DotGovs tweets including pro-Palestinian messages, reported SlashGear.