-
“Punk,” a notorious hacker, has asserted that he has hacked the U.S. Government Publishing Office database.
-
According to reports, this database contains 518 unique employee email addresses along with names and extensive email metadata.
-
The data was publicly disclosed by “Punk” on dark web forums and reveals internal email communication behaviours of employees.
The U.S. Government Publishing Office (GPO) is the newest member of the federal government to be attacked by cybercriminals; a thief has obtained and is currently selling the information of GPO employees on the Darknet.
According to reports from a threat alert profile on the X platform, Dark Web Informer, a group named Punk claims they successfully hacked GPO’s page on February 12, 2026, and have stolen a database which contains 1500+ pieces of employee data therein.
Stolen data to disclose sent emails, BCC recipients, etc
A screenshot provided by the stolen data peddler shows that apart from basic contact details, there’s a lot more in the stolen data. It holds information on the number of emails sent out and who was on each email (as well as BCCs).
Email metadata can provide significant insight into the communications between parties within the same organization or business. Email metadata creates a map of a company’s / organization’s professional networks, and can potentially identify who the key individuals are within that organization/company.
If a malicious actor were to gain access to this information, they would be in a unique position to execute a targeted phishing attempt because they would already know who and how to impersonate these individuals within that organization/company.
“In addition to appearing to present little risk for malicious actors, email communications may actually be used by these malicious actors to develop a visual representation (map) of an organization’s structure; identify who the key individuals are within a company or organization; and launch targeted phishing attacks,” warn cybersecurity professionals.
The GPO provides a valuable and necessary function within our government. It is responsible for producing and distributing all government publications. The GPO supplies all publications produced by Congress and the Federal Register, as well as creating and supplying secure credentials (such as passports) for the U.S. Department of State.
A serious breach of the GPO’s systems would not only expose employee data; it would also have a deleterious effect on multiple entities (both within and outside of the federal government).
GPO data on sale by a bad black market vendor
The profile selling the stolen data from GPO.Gov is “OSINT Nerd,” also identifying as “GOD” on the underground forums.
As of the time of this writing, they hold a rank of 1,602 on that same platform. This rank is based upon having established their level of reputation, the total value of transactions conducted, and the number of successful exploits that they have shared with other criminals in the criminal world as recorded on the same platform.
This increase in internet activities is taking place at exactly the wrong time. There’s been a quick rise in the number of internet attacks specifically towards government infrastructure.
This trend is global, affecting not only U.S. agencies but also major international bodies, as seen in the recent cyberattack on the European Space Agency that led to staff data being leaked on the dark web.
Additionally, state-sponsored and other independent cybercriminals are now seeing federal agencies as some of their best “targets” for stealing sensitive information. Others want to disrupt operations. And some just want bragging rights in hacking circles.
Officials have said nothing, society is in Jitters
The GPO officials have not given any open statements concerning the breach. Nonetheless, cybersecurity veterans will look into the implications of this incident and dig to see if there are potential leaks of classified materials within the federal government because of this breach.
All employees currently or previously employed by the GPO should be aware that they are at increased risk because of this incident. Security consultants are advising that individuals monitor their accounts for unusual activity.
Always stay alert for any phishing emails targeting you as a result of this attack on personal data. Hackers have access to an invasion of privacy/cybersecurity breach; they now have a full list of who works at the GPO and what they do, and who they communicate with.
Any and all Government Agencies of all functions must be aware of this and immediately engage in a full evaluation of their cybersecurity protection and put new cybersecurity protection in place immediately.
The cyber threat landscape is constantly changing, and if agencies can’t keep changing to keep up with it, then they will remain a target.
