CyberScout

“BlueLeaks” Exposes Huge Trove of Law Enforcement Data

blueleaks
Getty Images

269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week.

The data, called “BlueLeaks,” was shared online by a group called Distributed Denial of Secrets, or DDoSecrets), a Wikileaks-style organization committed to “enabling the free transmission of data in the public interest.”

According to the leakers, the dump included, “Ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more,” DDoSecrets announced on its Twitter feed (Twitter has since banned the DDoSecrets account).

A security breach at Netsential, a Houston-based web hosting company, which primarily serves law enforcement agencies and fusion centers is thought to be the source of the leak. Hackers claiming to be associated with Anonymous have taken credit for the breach.

Included in the data set are emails, audio, video, scanned documents, bulletins, guide, and police and FBI reports. Documents and records in the data span nearly 24 years, from August 1996 to June 2020.

Cybersecurity experts and law enforcement officials have expressed concern about the potentially sensitive nature of some of the data.

“With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk,” said former Department of Homeland Security assistant secretary of policy Stewart Baker. “Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly.”

“[T]he eventual outcome of this leak will likely have disastrous effects for many innocent people, including people charged with crimes who later were acquitted,” said the founder and CEO of web security company Immuniweb, adding that the data had the potential to “jeopardize legally protected people, like witnesses, who helped investigators convict dangerous criminals.” 

The data is currently available in a searchable format on a server managed by DDoSecrets. We would not advocate looking at the data, but if you do it is advisable to use a VPN and exercise extreme caution.