Federal Bureau of Investigation

Federal Bureau of Investigation Data Breach (2021)

highVERIS
Disclosed

July 16, 2021

Records

1.9M

Confirmed

Root Cause

Misconfiguration

Industry

Government

Description

In July this year, Security Discovery researcher Bob Diachenko came across a large set of JSON records in an exposed Elasticsearch cluster that piqued his interest. The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status. The exposed server was indexed by the search engines Censys and ZoomEye, indicating that Diachenko may not have been the only person to come across the list.

Additionally, the researcher noticed some elusive fields, such as "tag," "nomination type," and "selectee indicator," that he did not immediately understand. "That was the only valid guess given the nature of data plus there was a specific field named 'TSC_ID'," Diachenko told BleepingComputer, which hinted to him that the source of the recordset could be the Terrorist Screening Center (TSC).

The FBI's TSC is used by multiple federal agencies to manage and share consolidated information for counterterrorism purposes. The agency maintains the classified watchlist called the Terrorist Screening Database, sometimes also referred to as the "no-fly list." Such databases are regarded as highly sensitive, considering the vital role they play in aiding national security and law enforcement tasks.
