The FBI’s email system was hacked, sending emails to thousands of recipients about a fake cyberattack, the agency confirmed over the weekend. The law enforcement agency said the cause of the hack has since been remediated.
In an updated Nov. 14 statement, the agency confirmed that an unnamed actor was able to gain access to the FBI’s Law Enforcement Enterprise Portal (LEEP) to send the emails. LEEP is an IT infrastructure used by the FBI to communicate with its state and local law enforcement partners.
“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network,” the FBI said in the statement. “Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”
The Spamhaus Project, an international organization that tracks email spammers and spam-related activity, tweeted a copy of the fake email, which claimed to be from the Department of Homeland Security with the subject line “Urgent: Threat actor in systems.” The email did not contain a malicious link or attachment.
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly confirmed her agency was aware of the incident and engaged with the FBI. “As always, we stand ready to support as needed,” Easterly tweeted.
In its statement, the FBI encouraged the public “to be cautious of unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov.”
