It’s no surprise that comment forums, even on government sites, are filled with mass generated, fake comments. But when it comes to the public debate that raged in the FCC’s comment section in 2017, a new investigation has revealed that many of the comments were not only fake but were made using stolen or purchased identities obtained from one massive data breach in 2016.

Following a series of subpoenas, in 2018 the New York attorney general found that 9.6 million comments in the FCC net neutrality rulings were made using such fraudulent identities, making this one of the largest cases of stolen identities in U.S. history, and one that turned the tide on the net neutrality decision to have it repealed in 2017.

For a refresher, net neutrality was originally an Obama-era policy that forced cable companies to treat all internet traffic equally, and not slow or restrict access to sites based on content. This was signed into law in 2014, despite push back from opposition that it was an assault on free enterprise and unfair to the cable providers.

Following the election of President Donald Trump in 2016, net neutrality was soon back on the chopping block. Helmed by the FCC’s new chairman, Ajit Pai, the conversation was brought to the FCC’s online forum. While the implementation or repeal of net neutrality is not something the public was able to vote on, they were able and encouraged to voice their opinions online as “public comment” on the FCC’s website. And they did so, in massive numbers.

Buzzfeed News reports that the FCC debate in 2017 garnered 22 million comments, compared to the 4 million the debate saw in 2014. But, as Buzzfeed and other outlets began to notice, something about these comments wasn’t quite right.

Comments found in the forum appeared to be made not only by fictional characters like Boba Fett and Luke Skywalker, but also by government officials who denied making them and by individuals who had previously passed away. These comments were also traceable in many cases to one New York City IP address, despite having claimed to be located elsewhere in the country.

With some digging, Buzzfeed News was able to trace back many of these comments to one group in particular: a political consultancy based in Virginia called Media Bridge.

While Media Bridge denied any fraudulent activity, nearly 2 million comment submissions were found to have been made by Media Bridge founder Shane Cory. This in itself was not necessarily wrong doing, as the company in theory solicits comments from voters and uses those to lobby for big-telecom, but Buzzfeed News found that 94 percent of comments posted by Media Bridge claimed to be from voters who had also had data previously compromised in the 2016 Modern Business Solutions data breach.

Media Bridge claims that this overlap is a coincidence, after all, many Americans have their identities stolen each day, but what is not a coincidence, reports Buzzfeed News, is that the overlapping identities not only used the same, odd address formatting as the breach did — using “underscores instead of spaces” — but the comments themselves also fell into a familiar pattern identified by data scientist turned ProPublica journalist, Jeff Kao.

In 2017, Kao found that at least 1.3 million comments made in the FCC’s forum were just the product of a something called “clustering,” essentially meaning that millions of unique appearing comments were generated from a single template, with slight variation in key phrases.

Comments posted by Media Bridge in 2017 used both identity information from the Modern Business Solutions breach as well as language exhibiting this clustering technique to turn the tide on net neutrality and help push the ultimate decision toward repeal.

Buzzfeed News’ investigation also found that Media Bridge as well as a similar company called LCX were implicated in other fake comment assaults as well, including those used in support of the Keystone XL pipeline as well as state specific lobbying efforts.

Legal action, if any, is still unknown following the findings of Buzzfeed News and others, but what is already certain is the effect this kind of fraud has had on public trust.

Sarah Reeves, who found fake comments posted by herself as well as posthumously by her mother, told Buzzfeed News that the ease with which these kinds of comments can be made “gave us this impression that it didn’t matter how we actually felt.