The US Environmental Protection Agency (EPA) reportedly had its global contact list of critical infrastructure contacts stolen and posted on a data leak forum.
EPA Contact List Data Leak
Attackers shared the EPA’s list over the weekend, asserting that it contains all contact information the US environment watchdog has for critical infrastructure facilities worldwide.
The dataset, purportedly containing a massive 15 million data points on 8.5 million individuals, includes names, surnames, email addresses, phone numbers, job titles, and company names.
Verification of the Data Leak
Cybernews researchers examined the data sample included in the post and concluded that the information appears to be authentic. However, the latest data point in the leaked dataset is from 2016.
The dataset was uploaded by an attacker known as “USDoD,” who has claimed responsibility for several high-profile hacks, including Airbus, Deloitte, NATO, CEPOL (European Union Agency for Law Enforcement Training), Europol, and Interpol.
Potential Consequences of the Data Leak
The threat actor claims to possess three databases weighing 3GB when compressed. While the information is outdated, attackers could still utilize it for targeted phishing attacks. Successful phishing attacks could grant threat actors access to critical infrastructure facilities.
For instance, “USDoD” previously claimed to have gained access to Airbus by compromising a Turkish Airlines employee account.
The EPA is an independent agency of the US government responsible for environmental protection. Headquartered in Washington, DC, it employs over 14,000 staff members.