Government officials’ home info leaked in mass dox dump

Testifying that no one is out of reach to hackers is the recent incident in which a loose-knit hacking collective has published spreadsheets claiming to contain the personal information of hundreds of U.S. government officials and scores of FBI and Department of Justice staff.

Indeed, the data, which appeared on a Telegram channel tied to the group using the name Scattered LAPSUS$ Hunters, reportedly includes names, phone numbers, and residential addresses, per a report on October 16.

As it happens, some of the messages were also taunting authorities and seemingly referencing claims that Mexican cartels are paying for doxes. As one user wrote:

“Mexican Cartels hmu [hit me up] we dropping all the doxes wheres my 1m [1 million USD].”

Hacker group tied to LAPSUS$ and Scattered Spider resurfaces

Cybersecurity firm District 4 Labs reviewed the leaked lists and corroborated portions of the material with 404 Media, finding that many entries matched known government employees by name, agency, address, or phone number. This indicates the data may partially come from prior breaches or multiple public and leaked sources, though the exact origin remains unclear.

Notably, the group behind the dox dump traces to the Com, an online community that has produced several high-profile and often chaotic hacking factions, including LAPSUS$ and Scattered Spider, which have previously targeted major corporations and infrastructure providers.

Meanwhile, the Department of Homeland Security (DHS) has recently warned about rising doxxing and harassment against its officers, and the agency has claimed sharp increases in threats and online exposure of personnel, including that:

“Mexican criminals, in coordination with domestic extremist groups, have placed targeted bounties on U.S. Immigration and Customs Enforcement (ICE) and U.S. Customs and Border Protection (CBP) personnel.”

However, neither DHS, FBI, nor DOJ has responded publicly yet to requests for comments on the latest leak.

That said, sometimes the tables turn for hackers, and they end up the victim, as the attacker on the UXLINK project, which saw millions of dollars worth of cryptocurrencies stolen, witnessed once he suffered a hack himself, losing an even bigger fortune in a twist of poetic justice.