BreachExchange mailing list archives
Millions of files from the Oklahoma government, including details of FBI investigations, were left exposed in a massive data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 18 Jan 2019 00:42:16 -0600
https://www.businessinsider.com/oklahoma-government-data-breach-fbi-documents-exposed-2019-1 Millions of files pertaining to sensitive FBI investigations were left exposed on an unprotected internet server, cybersecurity researchers say. The data breach stems from an Oklahoma state-level agency, which failed to properly protect three terabytes of "all sorts of archive enforcement actions," Forbes reports. The millions of files contained information from FBI case files dating back to 2012, including interviews, witness statements, and bank transaction histories. Additionally, the breach exposed email archives, thousands of social security numbers, and data all the way back to the 1980s, the cybersecurity company UpGuard wrote in a blog post. UpGuard says it uncovered the breach back in December and notified the affected government agency, the Oklahoma securities department. The exposed data was stored on a state-agency server that wasn't properly secured with a password, meaning the information on it was accessible for anyone to see and download. Although the affected department did remove public access to the server in response, authorities failed to check whether exposed information had been downloaded or misused, UpGuard told Forbes. "It represents a compromise of the entire integrity of the Oklahoma Department of Securities' network," UpGuard researcher Chris Vickery told Forbes. "It affects an entire state level agency … It's massively noteworthy." The Oklahoma securities department told Forbes the matter was "under investigation," but refused to comment any further. In a statement to Forbes, the FBI said: "Adhering to Department of Justice policy, the FBI neither confirms nor denies any investigation." _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Millions of files from the Oklahoma government, including details of FBI investigations, were left exposed in a massive data breach Destry Winant (Jan 18)