The United States Citizenship and Immigration Services (USCIS) has denied claims of a data breach, saying that the leaked information was a third-party vendor’s demo data.
Earlier, a US Immigration data breach scare occurred when a vendor claimed to have access to sensitive information belonging to the US agency.
Malware repository and sharing platform vx-underground, which publicly shared IntelBroker’s claim, apologized for the lack of verification.
“The images in the claim are from a vendor-provided demo account with fake names and contact information,” said a government statement.
“No immigration records managed by USCIS have been compromised, and personal identifiable information provided to the agency by applicants and petitioners remains safe.”
“We would like to publicly apologize to everyone who expressed concern over the allegations of the breach,” vx-underground tweeted.
“Unfortunately, from our perspective, by all accounts it seemed genuine. We had no way to verify whether the data was real.”
US Immigration data breach scare, IntelBroker & the return from hiatus
The claim on USCIS data was a back-in-action post by IntelBroker, a well-known initial access broker from BreachForums.
IntelBroker’s history as a notorious breached data dealer, and vx-underground’s endorsement, raised genuine concerns.
Ironically, IntelBroker’s claim came on the day the USCIS tweeted a warning about scammers posing as officials to steal personal information or money.
IntelBroker and the tribe of initial access brokers
Initial access brokers (IABs) like IntelBroker specialize in finding and selling access to compromised systems, which can then be used for various nefarious purposes, including stealing sensitive data, deploying ransomware, and conducting espionage.
“Initial Access Brokers are rapidly evolving as an essential component of cybercrime and especially the Ransomware-as-a-Service (RaaS) supply chain,” reported cybersecurity company CYFIRMA.
“IABs’ dedicated focus on the Initial Access stage of the kill chain allows them to evolve and advance their techniques and crack open doors of even well-protected large organizations.”
In recent years, such brokers have become a growing threat to organizations worldwide, as their services can be easily purchased by anyone with enough money, including nation-states, criminal groups, and hacktivists.
IntelBroker has been an active member of BreachForums since March 2022.
The Cyber Express has previously reported on several posts made by this individual, including breaches of German-managed IT service provider BITMARCK, US-based internet marketing service Purecars, and Chinese-owned, US-based business Motorola Mobility.
IntelBroker, scamsters, and the USCIS alert
On the day IntelBroker made the claim, the United States Citizenship and Immigration Services tweeted a warning to the public about scammers who are posing as USCIS officials to steal personal information or money from unsuspecting victims.
According to USCIS, these scammers are claiming to know someone at USCIS who can expedite their immigration applications in exchange for a fee.
Real USCIS officials will never contact citizens on social media or accept money to help with their immigration case, the immigration service warned.
USCIS advises individuals to be vigilant and report any suspicious activity to the appropriate authorities.
To avoid falling victim to these scams, USCIS recommended that individuals verify the legitimacy of any communication they receive from USCIS by checking the USCIS website or contacting the USCIS Contact Center.
Additionally, individuals should never provide personal information or payment to anyone claiming to be a USCIS official without first verifying their identity.