- Total Records16,230,889
- Unique Emails8,539,566
- Unique First Names6,324,883
- Unique Addresses4,307,459
EPA.gov Data Breach Exposes Millions of Records: What Happened in 2022–2023?
Between late 2022 and 2023, the U.S. Environmental Protection Agency (EPA.gov) faced a substantial data breach that affected more than 9.2 million individuals, including both staff and external contacts. This breach impacted one of the federal government’s key environmental sites, which manages regulatory and informational services related to environmental protection. Attackers accessed files containing highly detailed contact information such as names, email addresses (with a significant number of corporate domains), phone numbers, and home or work addresses. The breach ultimately included over 8.4 million unique email addresses and exposed a wide array of personal and professional data. The Department first became aware of the incident in December 2022, and the breach continued to impact data through much of 2023, drawing attention because of its scale and the sensitivity of the information involved.
What Information Was Exposed?
The EPA.gov breach compromised a broad set of data fields, impacting millions of Americans and agency-associated professionals. Exposed information included first and last names, full names, email addresses, phone numbers, physical addresses (including street, city, state, ZIP code, and country), company names, and associated URLs. For many records, detailed address information and professional contact data were present, reflecting the federal agency’s role in interfacing with regulated entities and the public.
How Many People Were Affected by the EPA.gov Breach?
More than 9.2 million individuals were included in the exposed data, with records totaling over 16.2 million due to duplicated and related entries. The majority of email addresses were unique, with over 8.4 million distinct accounts identified. The affected groups comprised EPA staff, corporate contacts, and individuals who had interacted with EPA.gov services or submitted information through its platforms.
Timeline of Events
- December 1, 2022: Incident is believed to have first occurred, starting a breach window that extended into 2023.
- 2022–2023: Data continued to be compromised as information remained accessible to unauthorized parties.
- Remediation efforts and notifications followed as the exposure was discovered and analyzed by authorities.
What Caused the EPA.gov Breach?
While the detailed methods used by attackers remain under investigation, it’s clear that system vulnerabilities allowed unauthorized actors to access EPA records spanning millions of individuals. The scope and type of exposed data suggest attackers gained entry to databases or accessible file repositories, extracting contact and professional details stored for both regulatory and informational interactions.
FAQ
What happened in the EPA.gov data breach?
Between 2022 and 2023, EPA.gov suffered a data breach that exposed the personal and professional contact details of over 9.2 million individuals, including staff and external contacts. The breach affected records containing names, emails, phone numbers, and physical addresses.
How many users were affected by the EPA.gov breach?
The breach involved more than 9.2 million people, with 16.2 million records in total and over 8.4 million unique email addresses exposed.
What data was leaked in the EPA.gov breach?
Exposed information included first and last names, email addresses, phone numbers, physical addresses, company affiliations, and related URLs.
Who was responsible for the EPA.gov breach?
The breach’s precise perpetrators have not been officially attributed, but the incident resulted from exploitation of vulnerabilities in agency systems.
When did the EPA.gov data breach happen?
The data breach started around December 1, 2022, and continued into 2023 before detection and response.
How can I check if I'm in the EPA.gov breach?
You can check if your information was part of the EPA.gov breach by utilizing the DeHashed search engine.