Arkansas State Crime Lab Database Breached: Threat Actor kittykatkrew Leaks Court Calendars and Law Enforcement Personnel Directory
A threat actor operating under the alias kittykatkrew has released a database attributed to the Arkansas State Crime Laboratory (crimelab.arkansas.gov), the forensic science agency operating under the Arkansas Department of Public Safety. The listing claims the compromise was carried out via the agency's web portal at lasso.crimelab.arkansas.gov and publishes a download link to two datasets: a complete court calendar with active case details and a full personnel directory of law enforcement and municipal officials with portal access.
This is a breach of a US state forensic science agency, exposing active criminal case calendars (defendants, court dates, forensic analyst assignments) and a personnel directory of prosecutors, police, and city officials with portal credentials. It carries a high risk of case tampering, witness intimidation, and targeted social engineering against law enforcement personnel.
Incident Overview
A threat actor going by kittykatkrew has posted a breach of the Arkansas State Crime Laboratory on the cybercrime forum spear.cx. The Arkansas State Crime Lab is the state's primary forensic science agency, established in 1977 and placed under the Arkansas Department of Public Safety in 2019, with a main facility in Little Rock and regional laboratories in Lowell and Hope. The agency provides forensic pathology, toxicology, DNA, firearms, latent fingerprint, drug analysis, and digital evidence services to all state and federal law enforcement agencies operating in Arkansas, and is staffed by roughly 144 personnel. According to the listing, the compromise was achieved through the agency's public-facing web portal at lasso.crimelab.arkansas.gov.
The actor states that two distinct datasets were exfiltrated, and each is represented by a sample in the forum post. The data categories exposed include:
- Complete Court Calendar: Case details (case numbers in 42BCR-25-61-style format, internal tracking IDs), defendant names, court dates, courtroom numbers, forensic analyst assignments, approval status, and prosecutor contact information.
- Full Personnel Directory: Names, email addresses, phone numbers, job titles, and employing agencies for every portal user.
- Account Status Metadata: Administrative flags indicating which accounts are approved, rejected, or locked out, along with the most recent login timestamps for each user, which would allow an attacker to identify active versus dormant credentials.
- Agency Mapping: The "agency" field in the personnel directory enumerates the full roster of Arkansas municipal, county, and state law enforcement and prosecutorial offices that hold LASSO portal access, producing a de facto map of the state's criminal justice IT footprint.
The exposure of active court-calendar data is the most severe element of this leak. Unlike a consumer PII breach, the dataset effectively publishes a schedule of upcoming criminal proceedings with the names of defendants, prosecutors, and the specific forensic analysts assigned to each case, creating tangible risks of witness or analyst intimidation, evidence or case tampering, and targeted social engineering in the window before a given court date. The personnel directory compounds the risk by providing verified contact paths (work emails, direct phone numbers, and authorised-user status) for prosecutors, police officials, and city attorneys across Arkansas, which is an ideal starting point for business-email-compromise, fake subpoena, or impersonation attacks.