
US EPA Investigates Alleged Data Breach by Government Hacker

Hacker Claims to Leak Trove of Records Belonging to Environmental Protection Agency
The U.S. Environmental Protection Agency is investigating a potential leak of critical infrastructure contractor contact information. (Image: Shutterstock)

The U.S. Environmental Protection Agency is investigating claims that a notorious government hacker leaked a trove of contact information from the agency's database of critical infrastructure contractors.


The threat actor known as USDoD released what he said is 500 megabytes of contact information and other data from the EPA's database on a publicly accessible hacking forum Sunday. Information Security Media Group confirmed that the post remained published on the forum as of Monday afternoon and featured zipped files claiming to include everything from full names and email addresses to information about physical addresses for agency contractors.

"Hello Breachforums, this is your favorite TA and today I'm proud to say that I'm releasing database of contact list," the post says. "This is their entire contact of [critical infrastructure] not only for the USA but for the entire globe."

An agency spokesperson said the agency conducted a "preliminary analysis" of the allegedly leaked data and found that the records appear to contain business contact information already available to the public "to provide a comprehensive picture of environmental impacts."

The post in question claims to include the entirety of the EPA's global critical infrastructure contact list - more than 15 million records potentially associated with an estimated 8.5 million users, according to an analysis conducted by

Hacking experts and security analysts have suggested that the leaked records appear legitimate, but the EPA has not confirmed their authenticity. The threat actor behind the latest alleged leak has previously targeted U.S. military and defense contractors and in 2022 obtained names and email addresses of members of InfraGard, an FBI public-private cybersecurity forum.

While the alleged leak does not appear to contain passwords to critical infrastructure systems, the exposure could make listed individuals and organizations vulnerable to phishing, according to analysts. The EPA has meanwhile been warning critical infrastructure owners and operators about the recent threats posed by state-sponsored threat actors to water and wastewater systems nationwide (see: New Guidance Urges US Water Sector to Boost Cyber Resilience).

About the Author

Chris Riotta


Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.
