A new hacking group called SpexSecurity has infiltrated government servers in Tennessee and leaked thousands of confidential details, including residents' Social Security numbers, to the public.
SpexSecurity, also known as SpexSec, introduced itself June 11 by releasing more than 14,000 details about residents of Clarksville, Tenn. The leaked data, links to which were embedded in the group's Pastebin post, includes the names, birth dates, Social Security numbers andidentification numbers of former students and current employees from the Clarksville-Montgomery County school system.
The two links are now down, but one is still cached by Google. SpexSec says the spilled records are only part of its total haul, and that it still has personal information on more than 110,000 Clarksville residents.
In its Pastebin post, the hackers say their primary targets are "the U.S. Government for torturous and deceptive acts on our own soil, the Educational system for exuberantly being blown-over and belligerently not patching the holes in their security system, and anybody else who partook a role in the Murder of America." The group said it targeted Clarksville because of the city's refusal to fix security flaws after the hackers warned it about existing vulnerabilities.
In a school board meeting, school system director Mike Harris put the blame for the breach squarely on the hackers. "The blame clearly goes to those would use their talents and abilities to steal information and jeopardize honest citizens, and not our school system," the Tennessee newspaper The Leaf Chronicle reported.
The school district advised all students and past and present employees to contact their banks, and said that even if their names were not on the leaked list, they shouldn't assume their information is not in jeopardy.
According to the security firm Kaspersky Lab, SpexSec is run by two former members of Team Poison, a hacking group that gained notoriety for going after the United Kingdom's Secret Intelligence Service (MI6). In April and May, British police arrested three suspected Team Poison members.
Following the Clarksville hack, SpexSec took to its Twitter feed to announce it was disbanding. But just as quickly, the hackers claimed they were back, and that they had "accessed Vietnam Airlines."