InfraGard Aware of Reports that its Portal may have been Compromised

Tuesday evening, investigative security journalist Brian Krebs (KrebsOnSecurity) broke news about an incident he has been tracking regarding the FBI’s InfraGard database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. The KrebsOnSecurity post explains the situation describing activity regarding a potential fraudulent account that may have enabled this compromise.

The FBI is aware and if you are an InfraGard member you were sent the following broadcast message yesterday.

InfraGard Members:

The FBI is aware of a potential false account associated with the InfraGard Portal and is actively looking into this matter. This is an ongoing situation, and we are not able to provide any additional information at this time. 

As stated in the KrebsOnSecurity post, InfraGard members are “key people in private sector roles involving both cyber and physical security at companies that manage most of the nation’s critical infrastructures — including drinking water and power utilities, communications and financial services firms, transportation and manufacturing companies, healthcare providers, and nuclear energy firms.” WaterISAC will continue to track this incident and recommends that InfraGard members exercise extreme vigilance regarding InfraGard communications at this time.  Access KrebsOnSecurity for more.