The personal information of police officers as well as some of the capabilities — and deficiencies — of local police departments are part of a large data breach affecting the federally funded Advanced Law Enforcement Rapid Response Training facility at Texas State University. ALERRT, as it’s more commonly known, helped trained 114,000 law enforcement officers how to handle active shooter scenarios, and the facility has worked with federal agencies like the FBI.
According to data breach hunter Flash Gordon, the database — which dates back to April 2017 and contains the names and work contact information of law enforcement officers, and agents from the FBI, Customs and Border Protection, and the U.S. Border Patrol —was uploaded to a web server without password protection. The breach also included information about the officers and their home addresses as well as the skills and capabilities of more than 17,000 instructors, according to ZDNet.
The ALERRT data breach also contained a database of more than 85,000 emails containing sensitive personal information, like an officer’s birth date or the last four digits of their Social Security number.“In the wrong hands this data could be detrimental or even deadly for the first responders who put their lives on the line every day,” security researcher John Wethington told ZDNet of the breach.
In addition to revealing personal information from law enforcement officers, the email database also contains insights on how prepared police departments and law enforcement agencies at handling active shooter situations. A few of the email exchanges detailed requests from several police agencies for training from ALERRT. Those agencies revealed that theirdepartments did not have active shooter trainingand that a nearby agency with that kind of capability may be miles away. Given the large influx of request from local agencies, ALERRT did notify at least one police officer that it“couldn’t facilitate his request at this time,” according to ZDNet.
“This intelligence could be easily exploited by domestic terrorists or ‘lone wolves’ to exploit the weaknesses discussed in this correspondence,” Wethington said in ZDNet’s report. “For instance, an individual who wanted to push a particular state or local agency and the community it supports into a crisis need only look for an agency or community in this data that has expressed concern for their ability to respond to a active shooter.”
The database has since been removed, though it’s unclear if any of the information contained in the breach had been misused or obtained by malicious actors.