The Secret Service is leading a federal investigation after a website posted what it said was confidential personal data on celebrities and national leaders, including Vice President Joseph R. Biden and pop singer Beyonce, an agency spokesman said Wednesday.
Edwin M. Donovan told The Washington Times the investigation was launched after the website www.exposed.su posted purported private information such as Social Security numbers, home addresses and personal telephone numbers for nearly two dozen individuals.
In addition to Mr. Biden and Beyonce, the site claims to have listed data on first lady Michelle Obama, Attorney General Eric H. Holder Jr., FBI Director Robert S. Mueller III and former Secretary of State Hillary Rodham Clinton.
The celebrities allegedly exposed also include actors Mel Gibson and Ashton Kutcher; rappers Jay-Z and Kanye West; socialites Paris Hilton, Kris Jenner and her daughter, Kim Kardashian; pop singer Britney Spears; former Alaska Gov. Sarah Palin; real estate mogul Donald Trump; former California governor and actor Arnold Schwarzenegger; and former Vice President Al Gore.
The information revealed about senior officials could have serious security implications.
“It’s more terrorists or wackos you’d be concerned about [rather] than [foreign intelligence] … partly just because everyone knows [what information] has been exposed and you can do mitigation,” a former official said, speaking on condition of anonymity because of the sensitively of current employers.
The incident highlights the vulnerability of personal data, even that of highly protected figures like the attorney general. Mr. Holder’s 20-page Equifax report — including apparently his date of birth, Social Security number and home address — was posted.
Identity thieves often gain unauthorized access to credit reports to open bank accounts and credit card accounts in the name of their victims.
At least one credit report appeared to have been downloaded from a website, CreditKarma.com, which offers consumers the chance to view for free credit data about them collected by the major credit scoring bureaus.
According to the website, consumers have to enter their Social Security number and other personal details before gaining authorization to download their reports.
Another credit report came from a commercial site, ScoreSense.com, that charges users for the same service.
Most of the reports were apparently obtained from one of the three major U.S. credit ratings agencies — Equifax, TransUnion and Experian — via a special Internet portal they maintain for the public to check their own credit ratings.
All three companies have said that some of their reports had been fraudulently accessed since Monday by someone using personal data about the victims.
Security experts said that suggests the attack is a “social hack” rather than a classic cybersecurity data breach.
“One possibility is that the hackers were able to scoop [personal] information up off the [Inter]net about particular individual public figures, and then use that to successfully impersonate their targets and access credit histories,” Graham Cluely of British security firm Sophos said Wednesday.