Arkansas State Crime Lab Database Breached: Threat Actor kittykatkrew Leaks Court Calendars and Law Enforcement Personnel Directory
Threat actor kittykatkrew breaches Arkansas State Crime Lab, leaks court calendars and law enforcement personnel
Summary
A threat actor known as kittykatkrew has compromised the Arkansas State Crime Laboratory's LASSO portal, exfiltrating active court calendars containing case details, defendant names, court dates, and forensic analyst assignments, along with a complete personnel directory of prosecutors, police, and city officials with contact information and credential metadata. The breach exposes roughly 144 agency staff and creates significant risk of case tampering, witness intimidation, targeted social engineering, and business-email-compromise attacks against Arkansas law enforcement and the criminal justice system.
Full text
Active Threat Report ID: DWI-2026-0423-01 Critical Severity A breach of a US state forensic science agency, exposing active criminal case calendars (defendants, court dates, forensic analyst assignments) and a personnel directory of prosecutors, police, and city officials with portal credentials. High risk of case tampering, witness intimidation, and targeted social engineering against law enforcement personnel. 01 Incident Summary Date & Time2026-04-23 19:02 UTC Threat Actorkittykatkrew VictimArkansas State Crime Lab Domaincrimelab.arkansas.gov IndustryGovernment / Law Enforcement CategoryData Breach Entry Pointlasso.crimelab.arkansas.gov ScopeCourt Calendar + Personnel Record CountUndisclosed DistributionFree Download File Hostbiteblob.com Archive Format.rar Forumspear.cx NetworkOpen Web StateArkansas Country United States 02 Incident Overview A threat actor going by kittykatkrew has posted a breach of the Arkansas State Crime Laboratory on the cybercrime forum spear.cx. The Arkansas State Crime Lab is the state's primary forensic science agency, established in 1977 and placed under the Arkansas Department of Public Safety in 2019, with a main facility in Little Rock and regional laboratories in Lowell and Hope. The agency provides forensic pathology, toxicology, DNA, firearms, latent fingerprint, drug analysis, and digital evidence services to all state and federal law enforcement agencies operating in Arkansas, and is staffed by roughly 144 personnel. According to the listing, the compromise was achieved through the agency's public-facing web portal at lasso.crimelab.arkansas.gov. The actor states that two distinct datasets were exfiltrated, and each is represented by a sample in the forum post. The data categories exposed include: Complete Court CalendarCase details (case numbers in 42BCR-25-61-style format, internal tracking IDs), defendant names, court dates, courtroom numbers, forensic analyst assignments, approval status, and prosecutor contact information. Full Personnel DirectoryNames, email addresses, phone numbers, job titles, and employing agencies for every portal user. Account Status MetadataAdministrative flags indicating which accounts are approved, rejected, or locked out, along with the most recent login timestamps for each user, which would allow an attacker to identify active versus dormant credentials. Agency MappingThe "agency" field in the personnel directory enumerates the full roster of Arkansas municipal, county, and state law enforcement and prosecutorial offices that hold LASSO portal access, producing a de facto map of the state's criminal justice IT footprint. The exposure of active court-calendar data is the most severe element of this leak. Unlike a consumer PII breach, the dataset effectively publishes a schedule of upcoming criminal proceedings with the names of defendants, prosecutors, and the specific forensic analysts assigned to each case, creating tangible risks of witness or analyst intimidation, evidence or case tampering, and targeted social engineering in the window before a given court date. The personnel directory compounds the risk by providing verified contact paths (work emails, direct phone numbers, and authorised-user status) for prosecutors, police officials, and city attorneys across Arkansas, which is an ideal starting point for business-email-compromise, fake subpoena, or impersonation attacks. 03 Compromised Data Categories Active Case Numbers Defendant Names Court Dates Courtroom Numbers Forensic Analyst Assignments Prosecutor Names & Emails Law Enforcement Directory Work Email Addresses Direct Phone Numbers Job Titles Employing Agencies Account Status Flags Last Login Timestamps 04 Screenshots FIG 01 · spear.cx listing by kittykatkrew with court calendar sample FIG 02 · Personnel directory JSON sample and biteblob.com download URL This post is for subscribers on the Plus, Pro and Elite tiers Subscribe Already have an account? Sign In
Indicators of Compromise
- domain — lasso.crimelab.arkansas.gov
- domain — crimelab.arkansas.gov
- domain — biteblob.com
- domain — spear.cx