Why it matters: A company that provides tech solutions to law enforcement agencies has reportedly suffered a breach that might jeopardize ongoing police operations and undercover personnel. It is unclear if criminals currently under investigation have accessed the information, but the fact that cybercriminals have it and could potentially sell it is disturbing.
On January 11, Wired reported that a company called ODIN Intelligence (OI) was involved in a data leak that might have revealed the addresses and names of thousands of criminal suspects. It also exposed the phone numbers, email addresses, and identities of hundreds of officers involved in around 200 law enforcement operations, including investigations, stings, and undercover police work.
It was unclear who was behind the data breach, and OI would not confirm or deny that its systems were attacked.
"ODIN Intelligence Inc. takes security very seriously," CEO Erik McCauley said in a boilerplate statement. "We have and are thoroughly investigating these claims. Thus far, we have been unable to reproduce the alleged security compromise to any ODIN system. In the event that any evidence of a compromise of ODIN or SweepWizard security has occurred, we will take appropriate action."
Two of the company's popular law enforcement apps are SweepWizard and SONAR. SweepWizard is an app used to organize raids across multiple agencies. SONAR is OI's Sex Offender Notification and Registration system.
Less than a week after the alleged breach, an unknown group of attackers hacked the ODIN Intelligence website and defaced the homepage with a message claiming it had stolen 16GB of SweepWizard and SONAR data. It said it had also obtained several Amazon Web Services keys. As proof, it posted hashes to verify the stolen files.
The gravity of the breach is self-evident. Not only was confidential information exposed, but the leak potentially compromised classified ongoing police operations and revealed the identities of undercover officers. The consequences aren't just the potential for identity theft; lives could be at stake.
A Europol Data Protection Experts Network member, Ilia Kolochenko, claims that this could be the most harmful data breach of 2023 because of the confidential and classified information it contains.
"If law enforcement intelligence data ends up in the hands of organized crime, it may lead to tragic consequences for police officers and undercover agents," Kolochenko told Tech Report in an email. "This is not to mention that years of complex and resource-consuming police investigations may be wasted, and criminals eventually go unpunished ..."
Kolochenko recommends that all agencies using ODIN apps should assess the value of the data that could have been stolen and take appropriate measures to minimize the damages.
"All law enforcement agencies that the breach could have impacted should urgently audit what kind of their data could have been stolen to understand and respond to the broad spectrum of possible implications, as well as rapidly notify concerned third parties," Kolochenko said.