Threat actors USDoD and SXUL have claimed responsibility for an alleged major prison data breach compromising of approximately 70 million rows of sensitive data linked to a criminal database, on LeakBase.
While no further details were shared about the specific prison(s) involved, the threat actor shared sample data allegedly stemming from the claimed prison data breach.
Prison Data Breach Allegedly Includes Wide Array of Data
The prison data leak reportedly includes unique identification numbers, Social Security Numbers, full names, dates of birth, birth states, physical features, Home and alternate addresses, offense codes, offense dates, offense descriptions, court dispositions, conviction dates and dates of charges.
The data had been shared in .csv format and is stated at being 3GB in file size when compressed and 22GB while uncompressed. This data is stated to consist of data from the year 2020 to 2024 and the sample data purporting to be details of at least three convicted individuals were shared.
While this marks the first time the threat actor USDoD has posted on LeakBase, the threat actor claimed they would use it only until they got their own forum active. USDoD had earlier announced the creation of a new leak forum, choosing to name it ‘Breach Nation’.
While the details of the attack and their alleged involvement is unknown, USDoD credited the threat actor SXUL for the prison data breach. In a later reply to the thread, he clarified that the breach stemmed from the United States.
USDoD Known to Target Government Related Data
The threat actor has frequently targeted government, defense/law-enforcement contractors and geo-political entities, with most of his operations primarily focused on the United States as noticed during the #RaidAgainstTheUS campaign.
The incidents under the two-day release campaign in February 2022 included a a US Strategic Command database, US Defense Technical Information Center database, an Army Special Operations Center of Excellence database, a US Central Command database, a U.S. Special Operations Command database, and a Lockheed Martin database.
While believed to harbor Pro-Russian ties or sympathies, he has denied any involvements with governments or political entities. This denial included a statement of him claiming he had refused an offer to sell compromised intel to the Iranian government after being approached by them. Interestingly, the threat actor maintained Russia as among the nations he would refuse to target along with Iran.
USDoD is known to rely on social engineering techniques to break into high-profile agencies or entities, and his previous attacks have included the FBI’s private partner InfraGard, leak of Airbus data on the 22nd anniversary of the 9/11 attacks, NATO Cyber Center Defense, and CEPOL.
USDoD has disclosed that the use of tools such as Zoominfo to identify and research targets as well as their importance within the military and defense sector. Within the the Airbus post, the threat actor also threatened attacks on Lockheed martin, Raytheon and other entire defense contractors.
Recently, the actor claimed attacks on entities such as the unconfirmed Chinese Communist Party data leak and the Bureau Van Dijk(which has since then been refuted), since then the threat actor seems to be working on setting up their own content delivery network to host leak files as well as their own data leak forum.
While the prison data breach remains unconfirmed, the threat actor’s previous involvement in high-profile social engineering attacks remains a cause of concern for future operations and claims along with potential consequences stemming from the alleged prison member data leak.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
