-
A group called Mossad Leaks posted a 424.3 MB file on Telegram. They claim it holds personal documents of New York police officers.
-
The post names the New York State Police as the victim. But the file itself is labeled “NYPD.rar,” which refers to a different city agency.
-
Security experts warn this looks like a repost or a disinformation stunt. Anyone handling this file should use a simulated environment while performing their work.
A hacker has released 424 MB of leaked documents supposedly tied to the NYPD through Telegram. The group behind it calls itself Mossad. They claim the file labelled NYPD.ar contains all the personal documents of police officers. The actor also said it includes structured spreadsheets.
Experts suspect this might be recycled data or a simple repost, as the file name doesn’t even match the agency named in the claim.
A Confusing Target
The text of the post says the attack hit the New York State Police. But the attached file name says NYPD, which refers to the New York City Police Department. Those are two completely different agencies. One covers the entire state. The other handles just New York City.
The threat actor’s post on Telegram.
Real advanced hacking groups rarely make that kind of mistake, which is a red flag. Low-tier hackers often recycle old leaks. They package public records or old breach databases into a new file. Then they give it a dramatic name to attract subscribers.
It is a classic pattern of disinformation campaigns. These groups want attention, not accuracy.
The 424 MB file could contain public salary listings. It might hold old OSINT data. The actor might have collected several records from past leaks and put them in one file.
For now this claim has not yet been verified. But the pattern fits something called historical aggregation.
Telegram has become the go-to platform for such operations. Research shows Telegram is replacing the dark web for distributing stolen data and running disinformation campaigns.
That is just a fancy way of saying someone repackaged old junk.
A Real Police Breach Happened Recently
While this Telegram post looks shaky, actual police data breaches are real.
For instance, earlier reports indicated that a security breach at Syracuse Police began on or around January 2025.
Syracuse Police shut down their entire IT system on January 11 to prevent any further spread of the issue.
It took several weeks to fully restore everything. After a series of investigations, they discovered that someone had gained access to documents without permission between January 10 and January 12.
The city then worked with forensic experts to assess the situation and see the number of people affected. Now, a year later, this leak has cost taxpayers $250,000. That amount is what the government has deducted for cybersecurity insurance. They started sending out notification letters regarding this in March this year.
Officials won’t say exactly how many people were affected. But sources briefed on the matter say it could be as many as 15,000 people. Some of the leaked records date as far back as the 1980s.
One March 27 letter to a potential victim warned that Social Security numbers might have been compromised. The city is offering one year of free credit monitoring to victims through a firm called IDX.
What to Do When You Come Across Suspicious Leaks
Security experts recommend one clear path. Do not open it on your main computer.
If you must inspect the contents for intelligence work, use a sandbox. That means a single-use virtual machine. Keep it completely isolated from your corporate network.
Never trust a leak just because it has a scary name. And always check if the target in the text matches the file name.
In this case, there’s an obvious mismatch, which is enough to tell you not to believe the claim.
