US Environmental Protection Agency investigates possible leak of critical infrastructure contractors

The U.S. Environmental Protection Agency (EPA) is investigating claims of a data breach.

A hacker going by the pseudonym USDoD claims to have leaked a substantial amount of contact information from the EPA's database including details on critical infrastructure contractors both within the United States and globally. According to the hacker, the list encompasses the entire global contact database for critical infrastructure, potentially affecting more than 15 million records tied to approximately 8.5 million users, including:

• full names,
• email addresses,
• physical addresses of agency contractors.

While the leaked data does not appear to contain passwords to critical infrastructure systems, the exposure of such extensive contact information could potentially render the individuals and organizations listed vulnerable to phishing attacks.

No details are available about the nature of the breach.

The EPA has conducted a preliminary analysis of the leaked data and initially assessed that the records seem to consist of publicly accessible business contact information. However, the EPA has yet to officially verify the authenticity of the records.