CO: Mesa County Database Leak Puts Informants In Jeopardy

[kirniki <kirniki () gmail com>]

http://www.huffingtonpost.com/2010/12/10/mesa-county-database-leak_n_795191.html

DENVER — A Colorado sheriff's online database mistakenly revealed the
identities of confidential drug informants and listed phone numbers,
addresses and Social Security numbers of suspects, victims and others
interviewed during criminal investigations, authorities said.

The breach potentially affects some 200,000 people, and Mesa County
sheriff's deputies have been sifting through the database to determine
who, if anyone, is in jeopardy.

[..]

The information sat there as a large text file. It was first accessed
by an outside computer on Oct. 30. Other computers accessed the
information over the next 25 days.

Hilkey declined to provide other details. But he surmised that a
Google Web crawler that can be programed to troll the Internet for
specific sets of information, such as nine-digit numbers that can be
Social Security numbers, found the server.

"Somebody who sets up that kind of Web crawler to search for that kind
of information probably doesn't have good intentions," the sheriff
said.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/