Communist Party of China Member Data Leak

USDoD announces the release of PII for 2 million members of the Communist Party of China. The leak includes things like ID number, Name, Sex, Ethnicity, Hometown, Organization, ID card number, address, Mobile Phone number, and education

Communist Party of China Member Data Leak
USDoD leaks communist part of China members data

On April 26, 2024, an individual using the pseudonym "USDoD" announced the release of personal data purportedly belonging to 2 million members of the Communist Party of China. The leaked information includes sensitive details such as :

  • 🆔 ID number: Unique identifier that could be used for impersonation or fraud.
  • 👤 Name: Full names can lead to targeted phishing attacks.
  • 🚻 Sex: This information might be used in social engineering tactics.
  • 🌐 Ethnicity: Sensitive personal data that should be protected to avoid discrimination.
  • 🏠 Hometown: Could lead to location-based threats or scams.
  • 🏢 Organization: Affiliation details can be used in spear-phishing campaigns.
  • 🔢 ID card number: Crucial personal data, potentially leading to identity theft.
  • 🏡 Address: Physical addresses increase the risk of theft or harassment.
  • 📱 Mobile number: Direct line to the individual, could result in scam calls.
  • ☎️ Phone number: Another avenue for voice phishing attempts.
  • 🎓 Education: Educational background can be exploited for elaborated social engineering frauds.

"USDoD" claims to have held onto this data for several months and mentions that the database is the first to be hosted on their own content delivery network (CDN).

Threat Actor Background

The threat actor "USDoD," who came into the spotlight with the data exposure of 80,000 InfraGard members and 3,200 Airbus vendors, is recognized for his bold cybersecurity breaches. Supposedly: "A man in his mid-30s from South America", he has carved a reputation that is independent of geographic or political boundaries. Known for the "#RaidAgainstTheUS" campaign, "USDoD" has emphasized that his actions are neither politically driven nor pro-Russian, instead arising from a combination of personal motives and the sheer challenge of cyber exploitation.

Potential Impacts

The implications of this leak could be far-reaching. For the individuals whose data has been compromised, there is a heightened risk of identity theft, social engineering attacks, and possible endangerment of personal safety.