On October 16 and 17, the ScatteredLAPSUS$Hunters Telegram channel repeatedly violated Telegram’s TOS by leaking personal information on people — and in this case, information on employees of the Department of Justice (DOJ/FBI), U.S. Attorney’s Office (DOJ/USAO), the Department of Homeland Security (DHS), and the Federal Aviation Authority (FAA).
DataBreaches did not report on it at the time precisely because the files were still exposed. Instead, DataBreaches contacted Telegram to inquire why the channel hadn’t been banned again for leaking sensitive information about government employees. Today, DataBreaches received a response from Telegram, stating that the channel had been removed for breaching their TOS. They added:
“Publishing private information (doxing) is explicitly forbidden by Telegram’s terms of service, and such content is removed whenever discovered. Moderators empowered with custom AI tools proactively monitor public parts of the platform and accept reports to remove millions of pieces of harmful content each day, including doxing.
“Daily stats and more details about Telegram’s moderation here: Telegram.org/moderation.”
But how many people accessed and downloaded the four .csv files before the channel was banned? How many sites reported on the leak while the files were still exposed? DataBreaches is aware of one popular site that did report on the leak quickly, while the files were still freely accessible to everyone.
Types of Information
The .csv file with information on FBI employees contained 174 entries with employees’ email addresses, first and last names, phone numbers, and postal addresses. The entries did not reveal what the individuals’ titles or roles were or are. DataBreaches did not check every entry, but a random sample checked did find current or former agents with those names. The addresses and phone numbers appeared to be mainly work-related.
The .csv file for USAO employees contained 197 entries with the same kinds of information. Spot checks of the names revealed that not everyone in the file was an attorney; some had other roles in the department.
The .csv file for Homeland Security contained 680 entries from different parts of the Department of Homeland Security, such as Federal Emergency Management Agency (FEMA), Customs & Border Protection (CBP), Citizenship & Immigration (USCIS), Transportation Security Administration (TSA), the U.S. Secret Service (USSS), and Immigration & Customs Enforcement (ICE). The data included the same kinds of information as the previous spreadsheets, and a spot check of some addresses revealed that some employees may have listed home addresses and not work addresses.
The .csv file with data from FAA employees contained 416 entries with the same types of information.
None of the files seemed to have any internal organization. Entries were not sorted by state or alphabetically by name, and none included the individual’s title or date of hire. It is not clear what the source of those files might be and whether they had ever been leaked before.
DataBreaches emailed DOJ/FBI, DHS, ICE, and CBP to ask whether employees were being notified of this incident. An auto-reply was received from CBP that indicated that the inquiry would be addressed on the next business day (M-F). This post will be updated if we get any replies.
Update 1: On Sunday, a DHS spokesperson responded to our email with: “DHS is investigating this matter.”
Update 2: On Monday, a DOJ spokesperson responded to our email with: “No comment, thanks.”