ODIN Intelligence is a technology company that makes database software for law enforcement. Its primary products are SONAR (Sex Offender Notification and Registration), SweepWizard (for law enforcement raids), and HMIS (Homeless Management Information System). HMIS includes facial recognition for identification. The company's private data, including raids and personally identifiable information, was documented in a breach in January 2023.
After the company's private databases were exposed in early January 2023, TechCrunch reported about three leaked databases totaling approximately 16 gigabytes that were published and verified by Distributed Denial of Secrets.[3] AWS GovCloud private keys were published as well. The data included tactical plans for police raids, police reports, a forensic extraction report, AFR Engine data, and audio from raids, dating from 2011 to December 2022.[4]
On January 15, the company's website was defaced in January 2023 in response to McCauley's dismissing of the data breach. The website was taken down on January 19 and remains offline as of January 22.[4] On January 17, the company acknowledged the data breach to the California Attorney General's Office.[5] The company also removed Apple and Android apps.[6]
The company's website stated their products were Criminal Justice Information Services–compliant, which was also documented to at least one customer; Wired stated it was clearly not compliant.[6]
SweepWizard
SweepWizard is used to track and coordinate police raids.
SweepWizard was used in a 64-agency effort, Operation Protect the Innocent, which rounded up over 600 suspected sex offenders in September 2022.[6]
Data from SweepWizard was found exposed in the January 2023 data breach, including personal identifying information on over 5000 individuals and social security numbers for over 1000 individuals. WIRED verified the unauthenticated API endpoint that returned breached data; in response, CEO McCauley stated "we have been unable to reproduce the alleged security compromise to any ODIN system".[6]
HMIS
HMIS, or Homeless Management Information System, is used to catalog homeless populations, including demographic data, interaction tracking, criminal and warrant history, and labels such as "needles", "assaultive", and "registered sex offender".[2] A company brochure for the product states "Police use ODIN facial recognition to identify even non-verbal or intoxicated individuals".[1]
SOMS
SONAR (Sex Offender Notification and Registration) or SOMS (Sex Offender Management System) is used to register sex offenders.[2]
^"ODIN Intelligence - Distributed Denial of Secrets". ddosecrets.com. Retrieved 22 January 2023. 19 GB including thousands of photos, audio recordings, reports and user information from ODIN Intelligence and SweepWizard, a pair of apps geared towards law enforcement that primarily target houseless people.
^"ODIN Intelligence breach notice". documentcloud.org. 17 January 2023. Retrieved 22 January 2023. Between January 5, 2023 - January 10, 2023, An individual claiming to write for Wired magazine sent an email recently alleging to have received information about a potential security vulnerability in SweepWizard, a product possibly used by your Agency. The individual claimed that the software had a vulnerability, which we were unable to reproduce. However, out of an abundance of caution, we immediately took our servers offline to prevent any further breach. On January 10, 2023, this individual contacted us again, this time claiming to have gained unauthorized access to the SweepWizard app retrieving confidential law enforcement data. On or about January 14, 2023, in a separate incident, a hacker group claimed to have hacked ODIN Intelligence, Inc. computer systems, and acquired [sic] 16 gigabytes of data. This incident is still being investigated.