Why it matters: A company that provides technology solutions to law enforcement has reportedly suffered a breach that could jeopardize ongoing law enforcement operations and undercover personnel. It is unclear whether the criminals currently under investigation gained access to the information, but the fact that cybercriminals possess it and could potentially sell it is concerning.
On Jan. 11, Wired reported that a company called ODIN Intelligence (OI) was involved in a data breach that could have exposed the addresses and names of thousands of suspects. It also revealed the phone numbers, email addresses and identities of hundreds of officers involved in approximately 200 law enforcement operations, including investigations, stings and undercover police activities.
It was unclear who was behind the data breach, and OI has neither confirmed nor denied that its systems were hacked.
“ODIN Intelligence Inc. takes security very seriously,” CEO Erik McCauley said in a standard statement. “We have and are investigating these allegations thoroughly. We have so far been unable to replicate the alleged security compromise on an ODIN system. In the event that the security of ODIN or SweepWizard is compromised, we will take the appropriate measures. . »
Two of the company’s most popular law enforcement apps are SweepWizard and SONAR. SweepWizard is an application used to organize raids on different agencies. SONAR is OI’s sex offender reporting and registration system.
Less than a week after the alleged breach, a group of unknown attackers hacked the ODIN Intelligence website and defaced the homepage with a message claiming to have stolen 16GB of SweepWizard and SONAR data. He said he also obtained several Amazon Web Services keys. As proof, he posted hashes to verify the stolen files.
The seriousness of the violation is evident. Not only was classified information uncovered, but the leak potentially compromised ongoing classified police operations and exposed the identities of undercover officers. The consequences aren’t just potential identity theft; lives could be at stake.
A member of Europol’s network of data protection experts, Ilia Kolochenko, says it could be the most damaging data breach of 2023 due to the sensitive and classified information it contains.
“If law enforcement intelligence data gets into the hands of organized crime, it could have tragic consequences for police officers and undercover agents,” Kolochenko told Tech Report in an email. “This is not to say that years of complex and resource-intensive police investigations can be wasted and criminals end up going unpunished…”
Kolochenko recommends that all agencies using ODIN applications evaluate the value of the data that may have been stolen and take appropriate actions to minimize the damage.
“All law enforcement agencies that may have had an impact on the breach should urgently investigate the type of data that may have been stolen to understand and respond to the wide range of possible implications, as well as “promptly notify affected third parties,” Kolochenko said.