[BreachExchange] Millions of files from the Oklahoma government, including details of FBI investigations, were left exposed in a massive data breach
Destry Winant
destry at riskbasedsecurity.com
Fri Jan 18 01:42:16 EST 2019
https://www.businessinsider.com/oklahoma-government-data-breach-fbi-documents-exposed-2019-1
Millions of files pertaining to sensitive FBI investigations were left
exposed on an unprotected internet server, cybersecurity researchers
say.
The data breach stems from an Oklahoma state-level agency, which
failed to properly protect three terabytes of "all sorts of archive
enforcement actions," Forbes reports. The millions of files contained
information from FBI case files dating back to 2012, including
interviews, witness statements, and bank transaction histories.
Additionally, the breach exposed email archives, thousands of social
security numbers, and data all the way back to the 1980s, the
cybersecurity company UpGuard wrote in a blog post.
UpGuard says it uncovered the breach back in December and notified the
affected government agency, the Oklahoma securities department. The
exposed data was stored on a state-agency server that wasn't properly
secured with a password, meaning the information on it was accessible
for anyone to see and download.
Although the affected department did remove public access to the
server in response, authorities failed to check whether exposed
information had been downloaded or misused, UpGuard told Forbes.
"It represents a compromise of the entire integrity of the Oklahoma
Department of Securities' network," UpGuard researcher Chris Vickery
told Forbes. "It affects an entire state level agency … It's massively
noteworthy."
The Oklahoma securities department told Forbes the matter was "under
investigation," but refused to comment any further.
In a statement to Forbes, the FBI said: "Adhering to Department of
Justice policy, the FBI neither confirms nor denies any
investigation."
More information about the BreachExchange
mailing list