The data from the Florida Department of State may have exposed the information of 500,000 people.
A hacker claims to have stolen hundreds of thousands of email addresses.
A hacker has claimed to have stolen a large amount of sensitive information from the Florida Department of State, including the email addresses of nearly 500,000 individuals. This government agency is responsible for overseeing elections, corporate registrations, historical and cultural resources, as well as library services. According to a user known as Rey, who posted on an underground forum, he managed to access 568,835 records.
The stolen information includes sensitive personal data of individuals linked to the Department, potentially encompassing employees, clients, and even the general public, given the size of the database. Among the stolen data are names, surnames, mailing addresses, and email addresses, with the latter being particularly concerning as it could facilitate targeted phishing attacks, where attackers impersonate the Florida Department of State. This could increase the vulnerability of victims who have already interacted with the entity.
Furthermore, researchers have pointed out that the leaking of data such as mailing addresses could lead to address fraud and put the physical safety of state employees at risk, while also potentially contributing to identity theft. In total, it is reported that 487,961 unique email addresses have been obtained.
So far, there is no confirmation of the authenticity of the attack, and the Florida Department of State has not issued a formal response to these claims nor provided updates on its website. Therefore, it is unclear whether the affected individuals have been informed about the security breach.
The platform Have I Been Pwned?, which collects email addresses linked to known breaches, has not yet included this information in its database. Researchers from Incogni have recommended that anyone who feels they might have been affected update their passwords as a preventive measure. Although no stolen passwords have been reported, they advise changing them for security, especially if the same ones are used across multiple sites, ensuring that each is strong and unique. Additionally, it is suggested to exercise greater caution with received emails and to closely monitor all accounts, particularly banking and credit accounts.