A recent cyberattack has led to the exposure of personal information belonging to hundreds of U.S. federal employees. This breach reportedly includes agents from key agencies such as Immigration and Customs Enforcement (ICE), the Department of Homeland Security (DHS), the Department of Justice (DOJ), and the FBI.
The incident first came to light through a report by 404 Media. Hackers have allegedly released sensitive data, including full names and office addresses, with some even sharing home addresses. In total, over 1,000 federal employees have been affected, with 680 from DHS, 190 from DOJ, and 170 from the FBI. The hackers utilized encrypted messaging apps like Telegram to distribute the information, where they mockingly referred to their targets and hinted at bounties offered by Mexican cartels for information on federal agents.
One hacker provocatively asked if Mexican cartels were interested in the stolen data, even suggesting a price of “1m” dollars for it. Another post hinted at the possibility of further leaks, asking, “U guys want IRS next?”
The group behind this breach is thought to be part of a larger cybercrime network known as “The Com.” This group includes several notorious factions like Scattered Spider, 0ktapus, and LAPSUS$, which have been linked to major ransomware attacks on companies such as MGM Resorts and Coinbase.
The Com is known for recruiting young individuals, often English-speaking teens, who are familiar with Western systems and social engineering tactics. They operate in online communities that glamorize cybercrime, where members boast about their illicit activities, including scams and violent tactics.
Scattered Spider, one of the factions within The Com, has reportedly collaborated with Russian ransomware groups like ALPHV/BlackCat. This partnership combines the English-speaking hackers’ skills in manipulation with the technical expertise of their Russian counterparts. Together, they were behind a significant ransomware attack on MGM Resorts that cost around $100 million.
Experts say this doxing incident marks a shift from financially motivated crimes to politically charged attacks targeting U.S. government personnel. This trend raises alarms among cybersecurity officials, who view groups like The Com as growing national security threats, especially when they collaborate with foreign adversaries.
Authorities have made several arrests related to The Com, including a 17-year-old in the UK and several Americans in their early twenties. However, many individuals involved remain at large. The decentralized nature of these groups, which operate through encrypted apps and online gaming platforms, complicates efforts to dismantle them.
As investigations continue, cybersecurity experts warn that this leak could lead to real-world harm for federal employees. It also highlights a troubling trend of hackers using personal data for political, ideological, or financial purposes.
