Thousands of US law enforcement officials have had their data leaked online, Newsweek reports. An unsecured database linked to the Texas State University ALERRT training program, which trains law enforcement to respond to active shooter situations, was the source. The database had no password protection, even though it contained the names, email addresses, and phone numbers of reportedly up to 65,000 officers—some linked directly to FBI, Customs and Border Protection (CBP), and the US Border Patrol. The names of 17,000 instructors were also leaked. ALERRT is said to have trained more than 114,000 law enforcement officials.
The leaked cache of data also displayed sensitive information, such as private communications about concerns related to their jurisdiction, as well as geolocation coordinates of police departments, schools, and other critical municipal facilities, reports ZDNet. As a result, the massive data leak exposes not just personal and private information of individuals, but also serious vulnerabilities in the law enforcement system.
Coinciding with the ALERRT issue, Ars Technica reported in a separate story that assessment teams from the National Police Foundation found significant deficiencies in the Baltimore Police Department (PD) systems. This was notable, given that a cyberattack temporarily knocked Baltimore’s 911 system offline several months ago. According to the findings, Baltimore PD’s technology infrastructure is woefully out of date to the point of near-defunctness. The department uses a 20-year old software to manage their central records system, and the software is no longer supported by its vendors. The Motorola radio system used for 911 dispatch will cease to be supported after this year.
All of this follows on the heels of recent reports that the city of Atlanta lost years of police dashcam footage in its ransomware attack in March.
These incidents signal a dire need to beef up cybersecurity infrastructure within agencies that are primary to ensuring safe communities.