A training non-profit linked to the FBI is investigating reports that it was successfully hacked, exposing the personal details of thousands of agents to attackers.
The FBI National Academy Associates (FBINAA) claims to be “dedicated to providing the highest degree of law enforcement expertise, leadership training, and information to law enforcement executives around the world.” Its members are graduates of the FBI National Academy Program for law enforcers.
In a notice over the weekend, it responded to media reports of a security breach at three FBINAA websites which apparently resulted in highly sensitive data on around 4000 law enforcers being put up for sale on a dark web site.
“We are working with federal authorities to investigate this allegation. We believe we have identified the three affected chapters that have been hacked and they are currently working on checking the breach with their data security authorities,” the statement noted.
“In each of these instances a third-party software was being used by the affected Chapters, however it is still too early to determine if this impacted the breach. Cybercrime is on the rise and phishing attacks occur every day.”
The FBINAA pointed out that its national database is “safe and secure” and used the opportunity to reassure members that their safety is paramount.
“If it is determined that there has been felonious activity, we will prosecute the culprits to the fullest extent of the law,” it concluded.
Web application vulnerabilities remain among the most high-risk security challenges facing IT teams. A Trustwave report from 2018 revealed that 100% of apps contain at least one flaw, with the median number standing at 11.
The average time it takes to fix a web app bug is over 77 days, according to a separate Edgescan report.