Skip to main content

U.S. Government Credential Exposure

There is arguably no bigger producer, collector, consumer, and disseminator of data on the planet than the United States government. And yet, SpyCloud analysis has shown that its vast network of employees at the federal, state and local levels, including its contractors, are leaving that data exposed to enormous risk.

In 2020 alone, SpyCloud found:

  • 269,690 plaintext government credentials leaked in 465 breaches.
  • More than 1 million pairs of exposed emails and passwords for corporate accounts at the 27 largest companies in the defense industrial base.
  • 800,000 exposed corporate credentials (more than 7,000 per company) for employees at the 109 Fortune 1000 companies in the energy sector.

These exposures provide potential avenues for bad actors to access government resources and create massive risk in the government supply chain.

As this report explains, the prevalence of password reuse and loose credential security protocols are gifts to cybercriminals that expose the U.S. to significant risks. Our “Special Report: 2021 U.S. Government Credential Exposure” provides the prescriptive guidance needed to address this trend, along with a new framework for securing credentials that applies to employees, suppliers, and citizens.


Account Takeover Prevention
Detect and automatically reset exposed credentials before criminals can exploit them to perpetrate targeted attacks like ransomware.
Download the PDF version of the report to print or share with others.

The SpyCloud Difference

Truly Actionable Recaptured Data

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware infections, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.


Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.