The United States Environmental Protection Agency (EPA) has suffered a massive data breach resulting in the leak of personal information belonging to more than 8.5 million individuals.
USDoD Hacker Group Claims Responsibility for the Data Breach
The APT hacker collective known as USDoD has taken responsibility for the incident and claims to have compromised the entire EPA contact database. USDoD is no stranger to high-profile cyber attacks, having previously targeted other critical infrastructure organizations in the US.
Analysis of files leaked by USDoD on underground hacking forums indicates the data is legitimate and not fabricated. The files contain three CSV documents with extensive personally identifiable information such as names, addresses, phone numbers and email addresses.
Image: USDoD posted the data on Breach Forums (Source: Hackread.com)
Massive Scale of the EPA Data Breach
After removing duplicate records, it is estimated that around 8.5 million unique accounts are impacted in this breach. The records include individuals, organizations and EPA employees from around the world. This makes it one of the largest data leaks targeting a US government agency.
The leaked files labeled “Contact”, “Inter_Contact” and “Staff” contained different types of records. The contact file had over 3.7 million entries with location details. The inter-contact file contained close to 10 million records with company info. The staff file had 3.3 million EPA employee profiles.
Image: Screenshot from the leaked data (Source: Hackread.com)
Cybersecurity experts warn that this type of breach leaves individuals at risk of identity theft and scams. Now that the data is in the hands of hackers, it can also potentially be used for cyber espionage. There are further concerns that the breach may deter future environmental reporting and enforcement work.
Ongoing Investigation in EPA Cyberattack
The EPA and US Cybersecurity and Infrastructure Security Agency (CISA) have been notified about the incident but are yet to publicly acknowledge or comment on the data breach. Investigations are still ongoing to determine the full scope and severity of the EPA cyber attack.
The Hacker Group – USDoD
USDoD (United States Department of Defense) is a pseudonym used by a hacktivist or state-sponsored group.
They have been actively conducting cyber attacks against organizations in the US and allied countries since 2023.
Previous breaches attributed to USDoD include leaking personal data of 87,000 InfraGard members in March 2024.
In January 2024, USDoD hacked into networks of weapons manufacturer Northrop Grumman, stealing terabytes of classified documents. This included design files for next-gen weapons systems like stealth bombers and aircraft carriers.
In 2023, they compromised databases of Pentagon contractors Leidos and General Dynamics, leaking personnel files of thousands of employees.
Cybersecurity firms have linked the group's hacking tactics, tools and publication of stolen data to state-sponsored actors based in Russia.
However, the true identity and motives of USDoD remain unknown, as the group uses hacking forums and other methods to mask its digital footprint.
Its high-profile attacks seem focused mainly on compromising American defense networks and the defense industrial base.