On Sunday, an account on Twitter posted a Department of Homeland Security staff directory with 9,355 names. Shortly after the DHS data was posted, the account went on to claim that an additional data dump focused on 20,000 FBI employees was next.
The published staff directory is exactly what you think it is - the name, title, email address, and phone number of more than 9,000 DHS employees.
The titles range from engineers, to security specialists, program analysts, InfoSec and IT, all the way up to director level. More than 100 staffers are listed with an Intelligence-related title.
The person(s) behind the leaked DHS data first went to Motherboard to share the data; in addition to the DHS staff list, they also shared an FBI staff list. Motherboard did its own vetting and confirmed, for the most part anyway, that the lists were legit.
The data was obtained after an employee email account at the Department of Justice was compromised. As proof, the source used the compromised account to email Motherboard's Joseph Cox.
After attempting to use the compromised credentials to access a DOJ staff portal, with no success, Motherboard's source said they called the department directly and social engineered the access.
Access to the portal enabled access to the DOJ Intranet, and from there, the person(s) responsible for the attack claims to have downloaded 200GB worth of data.
On Sunday, as the Super Bowl was wrapping up, only the staff list at DHS had been released, but the person(s) responsible for the leak claimed that the rest of the data was scheduled for publication in the near future.
As for why the data was posted to begin with, the message with the posted staff directory stated simply:
"This is for Palestine, Ramallah, West Bank, Gaza, This is for the child that is searching for an answer..."
Update:
On Monday afternoon, the person(s) responsible for the DHS staff directory leak followed up and released the FBI staff directory. The second link contains 22,175 names, email addresses, and titles. The motive for the leak remains the same. None of the alleged files taken from the Intranet, some 200GB, have been released. It's unclear if they will be.