A scan of First Lady Michelle Obama's passport has been published online, prompting the feds to launch a breach investigation.
The scan appeared on a site with suspected ties to Russia, DCLeaks.com. It wasn’t the only “get” for the hacking group though—it also published confidential information like travel details, names, social security numbers and birth dates of members of staff.
The US attorney general, Loretta Lynch, confirmed the investigation, but said that officials had not yet verified the documents.
The scan appeared to have been taken from a Gmail account belonging to a low-level White House contractor, according to White House press secretary Josh Earnest, who said the incident “should be a wake-up call for all of us.”
He added, “At this point I cannot announce any sort of conclusion that's been reached about the individual or individuals that may have been responsible for the cyber breach that resulted in this information being leaked."
Last week the group published personal emails from former Secretary of State Colin Powell, with critical comments about presidential hopefuls Hillary Clinton and Donald Trump. Powell confirmed to Reuters the hacked messages were authentic.
DC Leaks is suspected to be linked to Russian intelligence services. In August, a leak of 300 supposedly Republican emails on the site purported to be from the campaigns of Sen. John McCain (R-Ariz) and Sen. Lindsey Graham (R-S.C.)—both stalwart critics of Russian president Vladimir Putin.
Researchers at ThreatConnect said that the site appears to be connected to Guccifer 2.0, the anonymous organization that claimed responsibility for the Democratic National Committee (DNC) intrusion. And, it is also hosting a portfolio of leaked emails belonging to Billy Rinehart Jr., a regional field director for the DNC, who was compromised using a Russian technique known as Fancy Bear—the Kremlin-associated method behind the recent leaks of Olympic stars’ medical records. Also, DCLeaks’ registration and hosting information aligns with other Fancy Bear activities and known tactics, techniques and procedures, ThreatConnect researchers noted.