{
	"id": "3e921312-5fa6-4112-ba8c-fcb9db18db9c",
	"created_at": "2026-04-06T00:21:43.445004Z",
	"updated_at": "2026-04-10T13:12:56.09857Z",
	"deleted_at": null,
	"sha1_hash": "bb1e2137d366d6e1a6d2ae80115d4baa7ff34306",
	"title": "Hacker Leaks 8.5M U.S. Environmental Protection Agency (EPA) Contact Data (UPDATED)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 312118,
	"plain_text": "Hacker Leaks 8.5M U.S. Environmental Protection Agency (EPA)\r\nContact Data (UPDATED)\r\nPublished: 2024-04-07 · Archived: 2026-04-05 14:26:02 UTC\r\nThe U.S. Environmental Protection Agency (EPA) is experiencing a major data leak incident involving a known\r\nhacker using the alias USDoD. This issue involves a third-party company and affects over 8.5 million users and\r\nbusinesses around the world.\r\nThis article has been updated to include a statement from CISA and a response from the hacker.\r\nThe U.S. Environmental Protection Agency (EPA) is facing a data leak, carried out by a hacker operating under\r\nthe alias USDoD. This data leak has exposed personal and sensitive information belonging to more than 8.5\r\nmillion users, including customers and contractors.\r\nThe data breach was brought to light on the morning of Sunday, April 7, 2024. Notably, USDoD has a history of\r\nengaging in high-profile data breaches, with previous incidents including the exposure of data from 87,000\r\nmembers of InfraGard, a sensitive security program funded by the FBI and dedicated to safeguarding critical\r\ninfrastructure in the United States.\r\n“Hello Breachforums, this is your favorite TA and today Im proud to say that Im releasing epa.gov\r\ndatabase of contact list. This is their entire contact of Critical Infra not only for the USA but for the\r\nentire globe.”\r\nUSDoD\r\nhttps://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/\r\nPage 1 of 6\n\nRegarding the data leak, the hacker told Hackread.com that the leak contains the entire contact database of the\r\nagency. Analysis conducted by Hackread.com indicates that the data provided by USDoD appears to be legitimate;\r\nhowever, conclusive verification can only be provided by the U.S. Environmental Protection Agency.\r\nUSDoD on Breach Forums (Screenshot credit: Hackread.com)\r\nMeanwhile, a review of the leaked file reveals a 500MB Zip archive containing three CSV files labelled\r\n“Contact,” “Inter_Contact,” and “Staff.” An assessment of these files reveals the presence of the following\r\ninformation:\r\nContact File (3,726,130 Records)\r\nZipcodes\r\nFull names\r\nFax numbers\r\nPhone numbers\r\nEmail addresses\r\nMailing addresses\r\nCountry, city, States\r\nInter_Contact File (9,952,374 Records)\r\nZipcodes\r\nFull names\r\nPhone numbers\r\nEmail addresses\r\nEmail domains\r\nCountry, City, State\r\nCompany name and address\r\nStaff File (3,325,973 Records)\r\nhttps://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/\r\nPage 2 of 6\n\nZipcodes\r\nFill names\r\nJob titles\r\nCompany names\r\nEmail addresses\r\nBusiness Addresses\r\nPhone numbers\r\nRelated industries\r\nCountry, city and States\r\nFollowing the removal of duplicate records, the total number of accounts involved in the breach stands at nearly\r\n8.5 million, specifically 8,460,182.\r\nhttps://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/\r\nPage 3 of 6\n\nScreenshot from the leaked data (Credit: Hackread.com)\r\nHackread.com has notified the U.S. Environmental Protection Agency (EPA) and CISA regarding the data breach.\r\nAny response from either agency will lead to an update to this article.\r\nUPDATE\r\nUPDATE: 22:02 Monday, 8 April 2024 (GMT) – CISA has responded to Hackread.com confirming that the\r\nincident has been investigated by the FBI and the leaked data is already publicly available.\r\n“FBI engaged EPA on Friday 4/5 where EPA determined the data reportedly taken as publicly available\r\nand the reported compromise to be a non-issue, per their internal hunting elements.”\r\nhttps://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/\r\nPage 4 of 6\n\nCISA\r\nUSDoD’s Response\r\nDuring a conversation with Hackread.com, the hacker stated that they never breached the EPA and that the data\r\nwas indeed publicly available. They claimed to have extracted it from a Philadelphia-based third-party platform\r\ncalled DataRefuge.\r\nThe hacker also admitted that their post on Breach Forums should have clarified that there was no data breach of\r\nthe EPA involved in the incident. However, they emphasized that the data is 100% authentic and of high\r\nimportance, comparable to if an agency had been breached.\r\nThe Good and Bad news\r\nThe good news amidst this breach is the absence of passwords. However, the seriousness of the situation can be\r\nunderstood by the fact that the leaked data is now circulating within Russian hacker and cybercrime forums.\r\nDevastating First Quarter of 2024 for US So Far\r\nThe first quarter of 2024 has proven to be quite challenging for the United States, a nation that holds influential\r\nglobal power and consequently becomes an attractive target for cybercriminals. Despite ongoing efforts to\r\nstrengthen its critical infrastructure, the country has faced a surge in successful cyber attacks, resulting in\r\nwidespread disruption and compromise.\r\nIn January, EquiLend, a prominent financial technology firm, fell victim to a large-scale ransomware attack. As a\r\nresult, it was confirmed that the incident also led to a data breach, exposing sensitive employee information.\r\nMarch witnessed the cyber attack from IntelBroker hacker against Acuity Inc., a federal contractor, resulting in\r\nthe exposure of critical records belonging to U.S. Citizenship and Immigration Services (USCIS) and U.S.\r\nImmigration and Customs Enforcement (ICE). Although initially denied, Acuity Inc. eventually acknowledged\r\nthe hack.\r\nIn February, the same hacker targeted the security of Los Angeles International Airport, compromising the\r\npersonal data of 2.5 million private plane owners. Shortly thereafter, in March, American Express disclosed a\r\nsignificant data breach involving third-party contractors, impacting its cardholders.\r\nThe latest alleged data breach occurred on April 4, 2024, when the IntelBroker hacker leaked personal data\r\nbelonging to over 22,000 Home Depot employees on BreachForums.\r\n1. Data Sec: Congress Bans Staff Use of Microsoft’s AI Copilot\r\n2. US, China Exposed Most Databases Among 308,000 Found\r\n3. Sony Data Breach via MOVEit Flaw Affects Thousands in US\r\n4. Vietnamese DarkGate Malware Targets META Accounts in US\r\n5. Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers\r\nhttps://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/\r\nPage 5 of 6\n\nSource: https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/\r\nhttps://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/"
	],
	"report_names": [
		"us-environmental-protection-agency-hacked-data-leaked"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "80edca9f-dcd6-491e-92f3-87ad1f575631",
			"created_at": "2023-10-14T02:03:14.694988Z",
			"updated_at": "2026-04-10T02:00:05.021046Z",
			"deleted_at": null,
			"main_name": "NetSec",
			"aliases": [
				"NetSec",
				"Operation Data Breach",
				"ScarFace_TheOne",
				"USDoD"
			],
			"source_name": "ETDA:NetSec",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "82a51997-1402-41c3-86df-6f9e522b2ba8",
			"created_at": "2024-04-27T02:00:03.554045Z",
			"updated_at": "2026-04-10T02:00:03.63698Z",
			"deleted_at": null,
			"main_name": "USDoD",
			"aliases": [],
			"source_name": "MISPGALAXY:USDoD",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "0263e1e1-4568-410a-a5e4-6932db1d40da",
			"created_at": "2024-06-26T02:00:04.854969Z",
			"updated_at": "2026-04-10T02:00:03.667295Z",
			"deleted_at": null,
			"main_name": "IntelBroker",
			"aliases": [],
			"source_name": "MISPGALAXY:IntelBroker",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434903,
	"ts_updated_at": 1775826776,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bb1e2137d366d6e1a6d2ae80115d4baa7ff34306.pdf",
		"text": "https://archive.orkl.eu/bb1e2137d366d6e1a6d2ae80115d4baa7ff34306.txt",
		"img": "https://archive.orkl.eu/bb1e2137d366d6e1a6d2ae80115d4baa7ff34306.jpg"
	}
}