Last December, millions of files and thousands of Social Security numbers were left unprotected and accessible to anyone with an internet connection, cybersecurity researchers found.
UpGuard, an Australian cybersecurity startup founded in 2012, said its researchers found three terabytes of publically accessible data from the Oklahoma Securities Commission. Forbes reported that number amounted to millions of files, many from FBI investigations, and thousands of Social Security numbers.
UpGuard said the data was "generated over decades" with the oldest data being from 1986. The most recently-modified information was from 2016. Researchers said they uncovered the sensitive content on Dec. 7, 2018, and notified the Securities Commission on Dec. 8. UpGuard said, "public access was removed that day, preventing any further downloads by the means used by the UpGuard analysts."
The Oklahoma Securities Commission is responsible for regulating and enforcing securities business around the state. Forbes reported some of the leaked FBI files included documents with agent-file timelines of interviews, emails from investigations, bank transaction histories and letters from subjects and witnesses.
UpGuard said the leak also contained emails dating back 17 years and thousands of social security numbers and data from as far back as the 1980s.
The Oklahoma agency told Forbes, "This matter is under investigation and the department has no further comment at this time."
The types of files reportedly left exposed in "rsync servers" included personal information like the social security numbers of thousands of brokers, a database containing information related to people with AIDS and passwords and credentials for computers on the Oklahoma government's network.
Exposed business information reportedly included training documents for those working on the Securities Commission, email histories, department investigations files and spreadsheets of timelines for FBI investigations.
UpGuard concluded by saying, "creating backups is a good practice to increase resilience in the face of attacks like ransomware," but "the final crucial step is to maintain control over every copy of those data stores."
►Make it easy to keep up-to-date with more stories like this. Download the 10News app now.
Have a news tip? Email desk@wtsp.com, or visit our Facebook page or Twitter feed.
