A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.
The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.
The hackers then put the data up for download on their own website, which we’re also not naming nor linking to given the sensitivity of the data.
The spreadsheets contained about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses.
The FBINAA could not be reached for comment outside of business hours. In a statement Saturday the FBINAA said it was working with federal authorities to investigate the breach. “We believe we have identified the three affected Chapters that have been hacked and they are currently working on checking the breach with their data security authorities.”
TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.
“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
The hacker claimed to have “over a million data” [sic] on employees across several U.S. federal agencies and public service organizations.
It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dark web, but the hackers said they would offer the data for free to show that they had something “interesting.”
Unprompted, the hacker sent a link to another FBINAA chapter website they claimed to have hacked. When we opened the page in a Tor browser session, the website had been defaced — prominently displaying a screenshot of the encrypted chat moments earlier.
The hacker — one of more than ten, they said — used public exploits, indicating that many of the websites they hit weren’t up-to-date and had outdated plugins.
In the encrypted chat, the hacker also provided evidence of other breached websites, including a subdomain belonging to manufacturing giant Foxconn. One of the links provided did not need a username or a password but revealed the back-end to a Lotus-based webmail system containing thousands of employee records, including email addresses and phone numbers.
Their end goal: “Experience and money,” the hacker said.
Updated Saturday with a statement from the FBINAA.
