According to a TechCrunch report late Friday, the hackers breached three websites associated with the FBI National Academy Association located at the FBI training academy in Quantico, Virginia.
The hackers “exploited flaws on at least three of the organisation’s chapter websites – which we’re not naming – and downloaded the contents of each web server,” the report said.
The hacker claimed to have “over a million data” on employees across several federal agencies and public service organisations in the US.
They also put the data up for download on their own website.
“We hacked more than 1,000 sites. Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites,” a hacker told TechCrunch.
The data contains member names, a mix of personal and government email addresses, job titles, phone numbers and postal addresses.
The hackers, whose identity is still unknown whether they are an independent group or nation-state actors, used public exploits, indicating that “many of the websites they hit weren’t up-to-date and had outdated plugins”.
The FBI was yet to speak on the incident.