Four Iowa law enforcement agencies among those hit by ‘Blue Leaks’ hack

Four Iowa law enforcement organizations are among the 200 police agencies whose data was stolen earlier this month as part of the so-called “Blue Leaks” computer hack.

The Iowa Law Enforcement Academy, the U.S. Attorney’s Office for the Northern District of Iowa, the Midwest Counter-Drug Training Center in Johnston and the Iowa Fusion Centre are among law enforcement entities whose records were compromised.

The 269 gigabytes of data, or 1 million documents, from the FBI and other law enforcement agencies were stolen on June 19 by a collective called Anonymous. They were leaked online later that same day by a group that calls itself Distributed Denial of Secrets.

Many of the law enforcement entities that were hacked, including the one in Johnston, are “fusion centres” which are hubs for police to share information on security threats and intelligence. The National Fusion Centre Association, or NFCA, says that the data was taken through a security breach at the website  development firm Netsential in Texas.

Judy Bradshaw, director of the Iowa Law Enforcement Academy, said the academy doesn’t store any financial information or investigative information on its website, so nothing of that sort was accessed.

“What we do have on there is roster information for training, for officers, jailers and dispatchers,” she said, “So we maintain through these rosters the trainees’ first and last name, their employing agency and their driver’s license numbers and rank and position. And not all of them include the driver’s license number — there’s just the name and the class they signed up to attend.”

She said it appears about 11,000 names on the rosters that were hacked, and those individuals are being notified.

“We do have some individuals who use their Social Security numbers for their driver’s license number, and so parts of their Social Security numbers were accessed, potentially,” Bradshaw said. “We’ve been working with the attorney general’s office on this, and we’re aware that the FBI is investigating this.”

Tony Morfitt, the public information officer for the U.S, Attorney’s Office, Northern District of Iowa, declined to comment on the breach of that office’s information.

Officials with the Midwest Counterdrug Training Center in Johnston and the Iowa Fusion Centre, which is part of the Iowa Department of Public Safety, could not be reached for comment.

The amount of raw data hacked from the fusion center is more than twice the size as that accessed from the Iowa training academy.

The Midwest Counterdrug Training Center is administered by the Iowa National Guard Counterdrug Task Force, and is located at the Camp Dodge Joint Maneuver Training Center in Johnston. It trains the military and local, tribal, state, and federal law enforcement officers in drug-law enforcement.

Distributed Denial of Secrets claims the Blue Leaks data archive includes “10 years of data from over 200 police departments, fusion centers and other law enforcement training and support resources.” The data includes hundreds of thousands of documents, some of them routine, including police and FBI reports, bulletins and policy guides.

According to the NFCA, the stolen data also includes “highly sensitive information” such as international data bank account numbers, financial data, and the names and email addresses of agents.

The Maine Beacon has reported that documents stolen include a set of records titled “Civil Unrest Daily Report,” which show that a unit of the Maine State Police was closely tracking Black Lives Matter events and other racial-justice events earlier this month. The reports list events, with information on locations, sponsors, organizers and expected attendance.