- A hacker claims to have stolen sensitive information from the Florida Department of State
- The data includes email addresses on almost 500,000 people
- The email addresses could be used in tailored phishing attacks
The Florida Department of State, the government organization tasked with overseeing elections, corporate registrations, historical and cultural resources, and library services, was allegedly hacked, with the attackers claiming to have stolen hundreds of thousands of records, including people’s email addresses.
Researchers from Incogni explained a user with the alias Rey posted a new thread on an underground forum, claiming to have hacked the Florida Department of State and stealing 568,835 records.
The data contains sensitive personal information belonging to “individuals associated with the Department”. While that could mean employees, or clients, given that the database is quite large, it could mean the general public, as well.
No confirmation yet
In any case the stolen data includes first and last names, postal addresses, and email addresses.
The latter is particularly worrisome, since it can be used for tailored phishing attacks. Threat actors could impersonate the Florida Department of State, and since the victims already interacted with the organization, they could be more susceptible to the attack.
For Incogni, leaked information on postal addresses is even more concerning, since it can lead to address fraud or even physical harm to state employees, as well as possible identity theft.
In total, 487,961 unique email addresses were allegedly grabbed. At press time, there is no confirmation on the authenticity of the hack. The Florida Department of State is yet to address the claims, as there are no updates in its newsroom site. Therefore, we don’t know if the affected people were notified of the breach at all.
Furthermore, Have I Been Pwned?, a website that aggregates email addresses from known breaches, has not yet added this information to its database.
Incogni advises everyone who thinks they might have been affected to update their passwords, first. “While no passwords were reported stolen, it’s a good idea to change them just in case. If you use the same password on other websites, be sure to update those too, and make sure each one is strong and unique,” the researchers said.
Furthermore, being more cautious with incoming email messages can never hurt. Finally, keeping a close eye on all accounts, especially bank and credit accounts, is also advised.
You might also like
https://cdn.mos.cms.futurecdn.net/wBA63zhGK4GEWGaAEY7UHd-1200-80.jpg
Source link