A Massive Cache of Law Enforcement Personnel Data Has Leaked

Zack Whittaker, reporting for ZDNet: A data breach at a federally funded active shooter training center has exposed the personal data of thousands of US law enforcement officials, ZDNet has learned. The cache of data contained identifiable information on local and state police officers, and federal agents, who sought out or underwent active shooter response training in the past few years. The backend database powers the website of Advanced Law Enforcement Rapid Response Training -- known as ALERRT -- at Texas State University. The database dates back to April 2017 and was uploaded a year later to a web server, believed to be owned by the organization, with no password protection. ZDNet obtained a copy of the database, which was first found by a New Zealand-based data breach hunter, who goes by the pseudonym Flash Gordon.

Hey, they spy on us ...

The way law enforcement has decided they don't give a fuck about our privacy, I'm afraid I have little sympathy for this.

If you're in charge of this kind of information, and you put it on a server with no protection, you probably have no business in that job.

Do the police expect us to care about their privacy when they don't care about ours?

Not A Problem

[StormReaver]

I'm sure that Law Enforcement is perfectly fine with the breach. After all, since they have nothing to hide, they have nothing to fear.

Right?

I hate to say this, but...

[Falconnan]

This is why we need strong encryption and authentication as a legal requirement for all personal information databases. Law enforcement may not like it, but if they require backdoors on encryption schemes and access, this will continue to make them as vulnerable as everyone else. They have proven the argument they oppose for us. I get the problems this causes, but the damage allowed by not using proper data protection is generally much worse. And now they may end up learning this the hard way, and that's a shame.