Article Details
Scrape Timestamp (UTC): 2024-04-04 18:24:54.423
Source: https://www.theregister.com/2024/04/04/feds_data_dump/
Original Article Text
Feds probe massive alleged classified US govt data theft and leak
State Dept keeps schtum 'for security reasons'
Uncle Sam is investigating claims that a criminal stole and leaked classified information from the Pentagon and other national security agencies.
The US Department of State "is aware of claims that a cyber incident has occurred and is currently investigating," a spokesperson told The Register. "The Department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the Department's cybersecurity posture. For security reasons, we will not provide details on the nature and scope of the claim."
A miscreant who goes by IntelBroker made the claim, and on Tuesday said they dumped all of the stolen data on the dark web.
The leak, spotted by Dark Web Informer, allegedly consists of a treasure trove of confidential communications and contact info for government and military officials, including names, email addresses, office and personal cell phone numbers belonging to Pentagon and government employees, plus classified and confidential documents shared between the Five Eyes' intelligence agencies and other US allies.
IntelBroker bragged about the leak on X (the site formerly known as Twitter) before being booted from the social media platform, and said they obtained the data after breaching the IT environment of Acuity, a Virginia-based consulting firm that works with the US government and national security organizations.
Acuity did not respond to The Register's request for comment. We will update this story if and when we receive a response.
The intrusion reportedly happened last month, and at the time the crook claimed to have stolen sensitive information belonging to US Immigration and Customs Enforcement (aka ICE) and US Citizenship and Immigration Services, including personal details about 100,000 victims plus emails and passwords.
IntelBroker allegedly used a zero-day bug in GitHub to access Acuity's tokens and snatch the government data. This follows an earlier incident of State Department data theft, also via a third-party breach and also involving Microsoft, which owns GitHub. In June 2023, a Chinese-government backed group, Storm-0558, compromised Microsoft keys and breached its Exchange Online hosted email service, then stole some 60,000 emails from the State Department, plus a list of all its employees' email addresses.
Daily Brief Summary
The US State Department is investigating claims of a significant data theft involving classified information from the Pentagon and other national security agencies.
An individual or group named IntelBroker claims responsibility for the data leak and claims to have posted the stolen information on the dark web.
The compromised data reportedly includes contact details for government and military officials, classified documents, and communications among Five Eyes intelligence allies.
The leak was first highlighted by Dark Web Informer and also includes personal details of 100,000 individuals affiliated with US immigration agencies.
The breach purportedly occurred through a zero-day vulnerability in GitHub, affecting Acuity, a consulting firm that works with the US government.
A similar incident occurred in June 2023, involving a breach by a Chinese-government backed group that resulted in the theft of State Department emails and employee information.