Nearly three terabytes worth of sensitive government files were left unguarded for a week on a wide-open server.
Lindsey O’Donnell filed this report in Threatpost.
Millions of sensitive files on a storage server belonging to the Oklahoma Department of Securities were left exposed for a week – including credentials, internal docs and personal data stretching back decades.
Researchers at UpGuard who discovered the data leak said that the publicly accessible data totaled a whopping three terabytes. The more severe types of files exposed included documents detailing FBI investigations, Social Security numbers for ten thousand brokers, credentials for remote access to Oklahoma Department of Securities workstations – and even a list of data relating to AIDS patients, including patient names.
“The amount, and reach, of administrative and staff credentials represents a significant impact to the Oklahoma Department of Securities’ network integrity,” said UpGuard in a Wednesday post detailing the leak. “The contents of those files ran the gamut from personal information to system credentials to internal documentation and communications intended for the Oklahoma Securities Commission.”
