Thieves have exposed sensitive personal and financial information in the latest round of NRA internal document dumps.
A Russian hacker group published the gun-rights group’s bank account information as well as the social security numbers or home addresses for dozens of its staff members on Tuesday. Documents with information on NRA employees who’ve paid tax liens, child support, or had their wages garnished are included in the leak. Dozens of internal documents, including the 2021 directors and officers insurance policy and several reports detailing the group’s confidential cyber security protocols, were also included in the leaks.
At least two of the NRA’s Atlantic Union Bank account numbers, three of its Wells Fargo account numbers, and three of its JPMorgan Chase account numbers have been exposed in the hack. So were a number of checks paid out to staff over the past decade.
The Reload reviewed the documents in question but is not republishing them or linking to where they are currently published in an effort to limit the spread of personal information. However, the files have already been widely distributed. The site set up by the ransomware syndicate on the dark web indicates the section on the NRA hack has been viewed more than 8,000 times already. Collections of the leaked files are also being shared online and among activists.
The documents are part of a hack announced by a criminal enterprise back in October. The hackers currently operate under the name Grief but previously used the name Evil Corp. The group commonly hacks targets and leaks internal information in hopes of extracting a ransom payment. In 2019, the Treasury Department sanctioned them over attacks on dozens of different groups and companies. The department said the group’s leader has also worked for Russia’s intelligence agency.
The Reload confirmed the authenticity of multiple internal documents included in the hack by speaking with six current and former NRA officials. An individual who had personal information exposed in the leak confirmed the information was accurate, and they had not yet been informed of the hack when they spoke to The Reload.
Additionally, the pay schedule shown on several documents matches the real schedule. The non-public phone numbers and email addresses included in several of the records also check out.
“I have reviewed many of the documents, and they appear to be valid,” Rocky Marshall, who served on the NRA board until earlier this year, told The Reload. “For example, all of the organizational charts are correct. In addition, the insurance documents are the correct carriers.”
Current board member Phillip Journey said the collection of documents from the hack he reviewed appeared to be authentic.
Further, none of the sources noticed anything in the documents that would indicate they aren’t authentic, though the sources said they did not have specific knowledge of every document included in the massive leak.
The Reload reported the existence of the exposed information to the NRA and asked what was being done to secure its bank accounts and employees’ personal information. However, the NRA did not provide any statement in response to the questions.
The NRA has not spoken about the increasingly damaging leaks since they were first made public on October 27th.
“NRA does not discuss matters relating to its physical or electronic security,” Andrew Arulanandam, managing director of NRA Public Affairs, said at the time. “However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”
Atlantic Union Bank said it would refer the information to its fraud department when questioned about the leak of the account numbers by The Reload.
It’s unclear what the NRA is doing to address the hack. However, on Tuesday, Grief moved the NRA from a section on its site indicating the hack was ongoing to one indicating it was complete. The hackers did not post an explanation for why they made the move, but the hacked files remained posted on the site.
Journey said he wants to see more information on the hack shared with the board and expressed concern the worst may still be to come despite what the hackers posted.
“It’s disconcerting that the level of information from staff regarding the hack has been woefully insufficient,” he said. “It’s unconscionable that this has happened. Who knows how far it went, what they have, and what they could still sell?”