Hackers have exposed a heap of sensitive data from ODIN Intelligence, a law enforcement contractor that has faced criticism for its plans to track people experiencing homelessness with facial recognition.
The hack, which is believed to have been carried out by a group calling itself "All Cyber-Cops Are Bastards," exposed more than 15GB of data, which includes a wide range of sensitive information such as mugshots, photos of homes and vehicles, sex offender registration information, and field interrogation reports.
The data also includes audio files and reports generated by ODIN's app, SweepWizard, which is used by law enforcement to coordinate the execution of search warrants or raids. The data also contain login information, including two FBI email addresses.
According to an article from Vice's Motherboard, the data include files in a directory called "gallery" that contain 5,900 images, some of which include identifying information such as names and Social Security numbers.
The data also include polygraph reports of convicted sex offenders and files that appear to be ODIN's internal test data. The hackers claimed to have "shredded" the company's data and backups, but not before exfiltrating gigabytes of data from ODIN's systems.
The hack comes after a report from WIRED on a vulnerability in SweepWizard, which exposed personal information about suspects and could tip off people that they were going to be raided. ODIN quickly removed the app from the Google Play and Apple App Store and began an investigation.
In addition to exposing ODIN's own internal data, the hack also exposed confidential law enforcement data uploaded by the company's police department customers, raising concerns about the security and privacy of thousands of people whose personal information was exposed.
Transparency organization Distributed Denial of Secrets (DDoSecrets) obtained the hacked data and shared it with Motherboard and TechCrunch, which reported that the ODIN Intelligence website was defaced on Sunday, and that the hackers left behind a message that quoted ODIN's founder and CEO, Erik McCauley, who largely dismissed WIRED's report.
The hack and defacement of the website was in response to McCauley's dismissal of WIRED's report that the company's flagship app, SweepWizard, had exposed sensitive police data.
Let this be a lesson for all executives to check their security protocols before dismissing serious security claims.
Follow SecureWorld News for more stories related to cybersecurity.
