State Department

The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor.

Acuity, the company purportedly breached to steal this information, is a technology consulting firm with almost 400 employees and a $100+ million annual revenue.

Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained  Old Info - SecurityWeek
It provides DevSecOps, IT operations and modernization, cyber security, data analytics, and operations support services to federal civilian national security customers.

  • "The Department is aware of claims that a cyber incident has occurred and is currently investigating," a State Department spokesperson told BleepingComputer.
  • "The Department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the Department's cybersecurity posture. For security reasons, we will not provide details on the nature and scope of the claim."

The threat actor (known as IntelBroker) describes the files as containing classified information belonging to the Five Eyes intelligence alliance.

According to their claims, the leaked data includes the full names, emails, office numbers, and personal cell numbers of government, military, and Pentagon employees, as well as their email addresses.

IntelBroker has also shared screenshots of some allegedly stolen documents (first spotted by Dark Web Informerbut has yet to disclose the method used to obtain them.
  • "Today, I am releasing the documents belonging to the Five Eyes Intelligence Group," the threat actor says in a Tuesday post on a hacking forum.
  • "This data was obtained by breaching into Acuity Inc, a company that works directly with the US Government and its allies."
IntelBroker Five Eyes
IntelBroker's alleged Five Eyes leak (BleepingComputer)
Since December, IntelBroker has been leaking data allegedly stolen from or belonging to a wide range of government agencies, including ICE & USCIS, the Department of Defense, and the U.S. Army.
  • It is not known if these incidents are related to the Five Eyes data leak. 
  • However, some of the data leaked in the ICE/USCIS forum post is also contained in the Five Eyes post, indicating an overlap.
​IntelBroker gained notoriety after breaching DC Health Link, the organization that administers the health care plans of U.S. House members, their staff, and their families.
  • The incident resulted in a congressional hearing after the personal data belonging to 170,000 affected individuals, including members and staff of the U.S. House of Representatives, was exposed.

Other cybersecurity incidents linked to IntelBroker are the breaches of Hewlett Packard Enterprise (HPE) and the Weee! grocery service, as well as an alleged breach of General Electric Aviation.

NSA and Acuity spokespersons were not immediately available for comment when contacted by BleepingComputer earlier today. CISA declined to comment.

Acuity breach admitted by IntelBroker | SC Media