Personal data of thousands of law enforcement officials in the United States has been exposed in a security breach at a federally funded active shooter training center. The database, that has now been secured, was discovered by a New Zealand-based data breach hunter, going by the pseudonym of Flash Gordon. "The backend database powers the website of Advanced Law Enforcement Rapid Response Training - known as ALERRT - at Texas State University," ZDNet reported.
The exposed data contains personally identifiable information of police officers and federal agents who underwent active shooter response training in the past few years. The data contained details about law enforcement officials' work contact information, personal email addresses, work addresses, and phone numbers. Officials from the Federal Bureau of Investigation (FBI), Customs and Border Protection (CBP), and the US Border Patrol were listed in the database.
While it remains unclear how many local and state officials are at risk, more than 114,000 law enforcement officials have reportedly been trained by ALERRT. According to reports, the Texas-based center offers training to civilians and law enforcement officials around the country to prevent or disrupt active shooter incidents. "Since its inception in 2002, ALERRT has received tens of millions of dollars in funding from the Justice Department, Homeland Security, and several state governments," the publication added.
ZDNet reported the following figures:
- One table contained data on 65,000 officers who had taken an ALERRT course and provided feedback had their full name and zip code exposed.
- Another table detailed information on instructors, including their skills.
- One carried the names of more than 17,000 instructors.
- 51,345 sets of geolocation coordinates of schools, courts, police departments, and government buildings, like city halls and administrative offices were also found.
- In some cases, the list also contained police officers' home addresses.
- Over 85,000 emails sent by staff to prospective trainees and course takers dating back to at least 2011 were also stored.
"One police department openly admitted that it 'doesn't have a full-time SWAT team,' and is unable to respond to an active shooter situation," an exposed email revealed. "An ALERRT staffer responded, saying that the organization 'couldn't facilitate his request at this time'."
The detailed information not only puts law enforcement officials at risk, but it could also offer insight into the capabilities of law enforcement departments, where they conduct training, what's offered in those sessions, and what they deemed places of interest.
"This intelligence could be easily exploited by domestic terrorists or 'lone wolfs' to exploit the weaknesses discussed in this correspondence," security researcher John Wethington told the publication. "For instance, an individual who wanted to push a particular state or local agency and the community it supports into a crisis need only look for an agency or community in this data that has expressed concern for their ability to respond to an active shooter."
