DDoSecret – a journalist collective known as a more transparent alternative to Wikileaks – published hundreds of thousands of potentially sensitive files from law enforcement, totaling nearly 270 gigabytes, on Juneteenth.

That date – 19 June – is a holiday that celebrates the emancipation of those who were enslaved in the US. There’s currently a push to make the date into a national holiday – a movement bolstered by the nationwide Black Lives Matter (BLM) protests.

DDoSecrets, which refers to itself as a “transparency collective,” has dubbed the release BlueLeaks.

On Friday, DDoSecrets said on Twitter that the BlueLeaks archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources”, including “police and FBI reports, bulletins, guides and more.”

Fusion Centers are state-owned and operated entities that gather and disseminate law enforcement and public safety information between state, local, tribal and territorial, federal and private sector partners.

DDoSecrets published the data in a publicly accessible, searchable portal that says it contains more than 1 million files, such as scanned documents, videos, emails, audio files, and more.

BlueLeaks data purportedly stolen from US law enforcement agencies and fusion centers. IMAGE: BlueLeaks

The collective said that the source of the data was Anonymous: the label that some hacktivists have used when taking actions against targets such as the hospitals involved in the Justina Pelletier case, revenge-porn site publisher Hunter Moore, and, more recently, attacks on the Atlanta and Minneapolis police departments following police killings of Black men.

Information security reporter Brian Krebs says that he got his hands on an internal analysis dated 20 June, from the National Fusion Center Association (NFCA), that confirmed the validity of the BlueLeaks data.

The NFCA said that the data appears to have come out of a security breach at Netsential, a web-hosting company based in Houston. Netsential provides web hosting for many US law enforcement agencies and fusion centers.

According to the alert, the dates on the files actually go back further than 10 years. They span nearly 24 years, from August 1996 through 19 June, 2020. The files include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.

The NFCA alert said that some of the files also contain highly sensitive information, including “ACH routing numbers, international bank account numbers (IBANs), and other financial data, as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.”