- A pirate claims to have stolen information sensitive to the Florida State Department
- Data includes email addresses on nearly 500,000 people
- E-mail addresses could be used in tailor-made phishing attacks
The Florida State Department, the government organization responsible for overseeing elections, corporate recordings, historical and cultural resources and library services, would have been hacked, the attackers claiming to have stolen hundreds of thousands of files, including the email addresses of people.
Incogni researchers explained that a user with alias Rey has published a new thread on an underground forum, saying that he had hacked the Florida State Department and stolen 568,835 files.
The data contains sensitive personal information belonging to “individuals associated with the ministry”. Although this can mean employees or customers, since the database is quite important, this could also mean the general public.
No confirmation still
In all cases, stolen data include first and family names, postal addresses and email addresses.
The latter is particularly worrying because it can be used for tailor -made phishing attacks. Threat actors could pretend to the Florida State Department, and as the victims have already interacted with the organization, they could be more sensitive to the attack.
For incogni, the information disclosed on postal addresses is even more worrying, as it can lead to fraud or even physical damage to state employees, as well as possible identity theft.
A total of 487,961 unique email addresses would have been seized. At the time of the press, there is no confirmation on the authenticity of hacking. The Florida State Department has not yet responded to the affirmations, because there are no updates on its site of editorial room. Therefore, we do not know if the people affected have been informed of the violation.
In addition, I was Pwned?, A website that brings together the e-mail addresses for known violations, has not yet added this information to its database.
Incogni advises all those who think they have been assigned to update their passwords, first. “Although no password has been reported, it is a good idea to change them in case if you use the same password on other websites, be sure to update them too and make sure everyone is strong and unique,” said the researchers.
In addition, being more careful with incoming emails can never hurt. Finally, monitoring all accounts, in particular bank and credit accounts, is also advised.
