- A hacker claims to have stolen confidential information from the State Department of Florida
- Data include email addresses in almost 500,000 people.
- Email addresses could be used in custom phishing attacks
The State Department of Florida, the government organization in charge of supervising the elections, corporate records, historical and cultural resources and library services, was allegedly pirated, and the attackers claimed to have stolen hundreds of thousands of records, including people’s email addresses.
Incogni researchers explained that a user with alias Rey published a new thread in an underground forum, claiming to have pirate the State Department of Florida and stealing 568,835 records.
The data contains confidential personal information that belongs to “individuals associated with the department.” While that could mean employees, or customers, since the database is quite large, the general public could also mean.
There is no confirmation yet
In any case, stolen data includes first and surname names, postal addresses and email addresses.
The latter is particularly worrying, since it can be used for custom phishing attacks. The threat actors could impersonate the State Department of Florida, and since the victims already interacted with the organization, they could be more susceptible to the attack.
For the incogni, the information filtered on postal addresses is even more worrying, since it can lead to addressing fraud or even physical damage to state employees, as well as a possible identity theft.
In total, 487,961 unique email addresses were supposedly taken. At the time of publication, there is no confirmation about the authenticity of hack. The Florida State Department has not yet approached the claims, since there are no updates in its writing site. Therefore, we do not know if the affected people were notified of the violation at all.
In addition, I have been Pwned?, A website that adds known infractions email, has not yet added this information to your database.
Incogni advises all who think they could have been affected to update their passwords, first. “While no passwords were reported, it is a good idea to change them in case. If you use the same password on other websites, be sure to update them and make sure that each one is strong and unique,” the researchers said.
In addition, being more cautious with incoming email messages can never damage. Finally, it is also recommended to closely monitor all accounts, especially bank and credit accounts.
