Major Data Breach at US Environmental Protection Agency, Over 8.5 Million Records Leaked by USDoD

Written by Gabby Lee

April 14, 2024

Major Data Breach at US Environmental Protection Agency, Over 8.5 Million Records Leaked by USDoD

The United States Environmental Protection Agency (EPA) has suffered a massive data breach resulting in the leak of personal information belonging to more than 8.5 million individuals.

USDoD Hacker Group Claims Responsibility for the Data Breach

The hacker collective APT known as USDoD has taken responsibility for the incident and claimed to have successfully compromised the entire EPA contact database. USDoD is no stranger to high-profile cyber attacks, having previously targeted other critical infrastructure organizations in the US.

Analysis of files leaked by USDoD on underground hacking forums indicates the data is legitimate and not fabricated. The files contain three CSV documents with extensive personally identifiable information such as names, addresses, phone numbers and email addresses.

USDoD Hacker Group Claims Responsibility for the EPA Data Breach

USDoD Posted Data on Breach Forums


Massive Scale of the EPA Data Breach

After removing duplicate records, it is estimated that around 8.5 million unique accounts are impacted in this breach. The records include individuals, organizations and EPA employees from around the world. This makes it one of the largest data leaks targeting a US government agency.

The leaked files labeled “Contact”, “Inter_Contact” and “Staff” contained different types of records. The contact file had over 3.7 million entries with location details. The inter-contact file contained close to 10 million records with company info. The staff file had 3.3 million EPA employee profiles.

Major Data Breach at US Environmental Protection Agency, Over 8.5 Million Records Leaked by USDoD

Screenshot from the leaked data


Cybersecurity experts warn that this type of breach leaves individuals at risk of identity theft and scams. Being in the hands of hackers, the data can also potentially be used for cyber espionage purposes. There are further concerns it may deter future environmental reporting and enforcement work.

Ongoing Investigation in EPA Cyberattack

The EPA and US Cybersecurity and Infrastructure Security Agency (CISA) have been notified about the incident but are yet to publicly acknowledge or comment on the data breach. Investigations are still ongoing to determine the full scope and severity of the EPA cyber attack. 

The Hacker Group – USDoD

USDoD (United States Department of Defense) is a pseudonym used by a hacktivist or state-sponsored group.

They have been actively conducting cyber attacks against organizations in the US and allied countries since 2023.

Previous breaches attributed to USDoD include leaking personal data of 87,000 InfraGard members in March 2024.

In January 2024, USDoD hacked into networks of weapons manufacturer Northrop Grumman, stealing terabytes of classified documents. This included design files for next-gen weapons systems like stealth bombers and aircraft carriers.

In 2023, they compromised databases of Pentagon contractors Leidos and General Dynamics, leaking personnel files of thousands of employees.

Cybersecurity firms have linked the hacking tactics, tools and stolen data publications to state-sponsored actors based in Russia.

However, the true identity and motives of USDoD remains unknown due to their use of hacking forums and methods to mask their digital footprints.

Their high-profile attacks mainly seem focused on compromising American defense networks and defense industrial base.

Related Articles

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!