A document leak occurs when sensitive information is released to the public by accident. This could be as simple as an employee bringing home a USB drive with confidential files or a company sending classified data to the wrong printer. Even systems built to handle data carefully, such as email servers, messaging apps and cloud storage platforms, can be the source of a leak.
A few months ago images of what appeared to be US intelligence documents began popping up online — on the chat platform Discord, as well as in forums discussing Ukraine’s war with Russia. Many were reportedly marked top secret, the highest level of classification. The photos often showed the documents crumpled, as if they’d been hastily folded into a pocket and then removed from a secure location. This led investigators to suspect they were the work of a military or government employee with access.
Several other details of the alleged leak came to light as well. Bellingcat and the New York Times reported that Jack Teixeira, 21, a member of the Massachusetts Air National Guard’s intelligence wing, posted the documents to a private Discord group that eventually leaked them to the wider internet. He was arrested and charged on Friday.
When an incident happens, there’s a critical first step that investigators must take to preserve evidence: establishing a chain of custody between the point where the leak surfaced and its source. That means preserving all emails, logs, server activity and copies of the data that was leaked. It also means halting normal deletion cycles across all email servers, cloud platforms and document repositories while investigations are underway.
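As an added illustration of the evidence-preservation step described above (this is example code, not from the original article or any investigation it mentions), the following Python script builds a simple chain-of-custody manifest: each collected item (a log export, a mailbox dump, a copy of the leaked file) is hashed when it is taken into custody, and each manifest entry also commits to the previous entry, so a later change to any file or any record is detectable. The file names, the analyst name and the sample log contents are constructed for the example.

```python
"""Minimal chain-of-custody manifest for leak investigations (added example)."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64  # link value for the first entry (a convention chosen for this example)


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large log exports need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _entry_digest(entry: dict) -> str:
    """Digest of one entry over a canonical JSON form, so it is reproducible."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def add_evidence(manifest: list, path: str, collector: str, source: str,
                 action: str = "collected") -> dict:
    """Append a custody entry for `path`, chained to the previous entry."""
    prev = manifest[-1]["entry_hash"] if manifest else GENESIS
    entry = {
        "seq": len(manifest),
        "path": os.path.basename(path),
        "sha256": sha256_file(path),
        "size": os.path.getsize(path),
        "source": source,
        "collector": collector,
        "action": action,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "prev_hash": prev,
    }
    entry["entry_hash"] = _entry_digest(entry)
    manifest.append(entry)
    return entry


def verify_manifest(manifest: list, evidence_dir: str) -> list:
    """Return a list of problems; an empty list means chain and files are intact."""
    problems = []
    prev = GENESIS
    for i, entry in enumerate(manifest):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry.get("seq") != i:
            problems.append(f"entry {i}: sequence number mismatch")
        if body.get("prev_hash") != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if _entry_digest(body) != entry.get("entry_hash"):
            problems.append(f"entry {i}: manifest record was altered")
        path = os.path.join(evidence_dir, entry["path"])
        if not os.path.exists(path):
            problems.append(f"entry {i}: evidence file {entry['path']} missing")
        elif sha256_file(path) != entry["sha256"]:
            problems.append(f"entry {i}: evidence file {entry['path']} no longer matches recorded hash")
        prev = entry.get("entry_hash", "")
    return problems


def demo() -> tuple:
    """Collect constructed evidence, verify, then show two kinds of tampering."""
    workdir = tempfile.mkdtemp(prefix="custody_")
    samples = {  # constructed sample evidence, stand-ins for real exports
        "mail-server.log": b"2024-01-01T10:00:00Z SEND user@example.test -> printer-07\n",
        "chat-export.json": b'{"channel":"example","messages":[]}\n',
    }
    for name, data in samples.items():
        with open(os.path.join(workdir, name), "wb") as f:
            f.write(data)
    manifest = []
    for name in samples:
        add_evidence(manifest, os.path.join(workdir, name),
                     collector="analyst-1", source="server export")
    clean = verify_manifest(manifest, workdir)
    # A retention job or careless edit touches one evidence file after collection.
    with open(os.path.join(workdir, "mail-server.log"), "ab") as f:
        f.write(b"tampered\n")
    file_tampered = verify_manifest(manifest, workdir)
    # Someone edits the manifest itself; the entry digest no longer matches.
    manifest[0]["collector"] = "someone-else"
    record_tampered = verify_manifest(manifest, workdir)
    return clean, file_tampered, record_tampered


if __name__ == "__main__":
    for label, result in zip(("clean", "file tampered", "record tampered"), demo()):
        print(f"{label}: {result or 'intact'}")
```

In practice the manifest would be written to write-once storage and signed by the collector, and the same hashes recorded at every hand-off, which is what lets an investigator show that the logs and copies presented later are the ones that were preserved when deletion cycles were halted.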