Comment: Potentially Sensitive Data From Over 200 US Police Departments Exposed Online By ‘BlueLeaks’

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.

The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data.


EXPERTS COMMENTS
Saryu Nayyar, CEO, Gurucul
June 23, 2020
Going forward, especially with the current election cycle, we can expect to see more events like this.
It's no surprise that Law Enforcement was the target of this data breach. With the current civil and political climate, a wide range of threat actors, from activists to nation-states, would be interested in revealing this sort of confidential information. Going forward, especially with the current election cycle, we can expect to see more events like this. Now is a good time to review and updat ....
Sam Curry, Chief Security Officer, Cybereason
June 23, 2020
There are already victims: your customers which in this case is hundreds of police departments.
At the moment, we know that a lot of information has been leaked but not how it was leaked or the potential impact of the data. My advice to Netsential is first to do the right thing, and this doesn’t mean anything unusual. They will know what it is, but remember that your customers, partners and history will see it all and will determine whether you are a hero or a villain. There’s no in-betw ....
Niamh Muldoon, Senior Director of Trust and Security, EMEA, OneLogin
June 23, 2020
Police forces will also hold records of criminal convictions or arrests, which are tailor made for cybercriminals
The kind of information held by Police departments is likely to be extremely sensitive – As well as the usual PII organisations would hold, Police forces will also hold records of criminal convictions or arrests, which are tailor made for cybercriminals to use for social engineering or blackmail purposes. If public-facing organisations want to stay trusted then they must prioritise security a ....
Timothy Chiu, Vice President of Marketing, K2 Cyber Security
June 23, 2020
Every organization’s security depends on the security of all their partners as well as their own.
The ‘BlueLeaks’ event is another good reminder that organizations aren’t silos in data security. Every organization’s security depends on the security of all their partners as well as their own. Your partners need to be practicing as good security hygiene (if not better) than you are in order to protect your shared applications and assets. ....
Tim Mackey, Principal Security Strategist, Synopsys CyRC
June 23, 2020
Identifying any potential pollution of law enforcement records will naturally be a high priority, but also a time consuming one.
Ignoring the obvious political aspects of the BlueLeaks data collection, it’s worth asking why the underlying data wasn’t properly protected from accidental viewing. If, as reported, the dataset contains sensitive information including identifiable banking information, suspect images, PDF files, personal information and videos among other items, it would appear that either decryption keys were ....
Colin Bastable, CEO, Lucy Security
June 23, 2020
The Feds have been living off their reputation and believing their own propaganda for far too long now.
At the heart of cyber-risk is convenience – making it easy to upload files and build a website has also enabled the hackers to score a spectacular win against US law enforcement. The Netsential website is barebones right now, but checking out the Wayback Machine for the Netsential website shows a consistent typo: “Netsential builds sites with as much or as customer involvement that is desired ....
Ilia Kolochenko, Founder and CEO, ImmuniWeb
June 22, 2020
The eventual outcome of this leak will likely have disastrous effects for many innocent people.
The eventual outcome of this leak will likely have disastrous effects for many innocent people. First, it will likely inflict irreparable reputational, financial and even physical harm to suspects and people charged with crimes who later were acquitted in a court of law. Furthermore, it will jeopardize legally protected people, like witnesses, who helped investigators convict dangerous criminals. ....
Javvad Malik, Security Awareness Advocate, KnowBe4
June 22, 2020
Not only is up front due diligence necessary, but so is ongoing assurance.
This is a huge breach both in terms of size, the nature of data, and the length of time it spans. While details are not clear as to how the breach occurred, it does look like it stems from a third party, which serves as a reminder for organisations of all sizes that ensuring security across the complete supply chain is vital. Not only is up front due diligence necessary, but so is ongoing assuranc ....