{"id":393697,"date":"2019-01-22T07:51:02","date_gmt":"2019-01-22T06:51:02","guid":{"rendered":"http:\/\/rinf.com\/alt-news\/newswire\/7-years-of-fbi-data-corporate-info-ssns-names-of-aids-patients-exposed-rt-usa-news\/"},"modified":"2019-01-22T07:51:02","modified_gmt":"2019-01-22T06:51:02","slug":"7-years-of-fbi-data-corporate-info-ssns-names-of-aids-patients-exposed-rt-usa-news","status":"publish","type":"post","link":"http:\/\/rinf.com\/alt-news\/newswire\/7-years-of-fbi-data-corporate-info-ssns-names-of-aids-patients-exposed-rt-usa-news\/","title":{"rendered":"7 years of FBI data, corporate info, SSNs & names of AIDS patients exposed \u2014 RT USA News"},"content":{"rendered":"

A trove of unprotected data including FBI investigations into corporations like AT&T, Goldman Sachs, and Lehman Brothers, along with personal information, has been exposed in a data leak by the Oklahoma Securities Commission.<\/p>\n

\n

Three terabytes of data \u2013 millions of files \u2013 were left on a server with no password protection, freely available to anyone who stumbled across them, according to cybersecurity researchers Greg Pollock and Chris Vickery at cybersecurity firm UpGuard<\/a>.<\/p>\n

\n
\n

New report this morning from my team within @UpGuard<\/a>. The Oklahoma Department of Securities exposed an rsync host to the public internet with no username or password required to download. Mountains of broker PII and investigation files. https:\/\/t.co\/BwnaImRdtv<\/a><\/p>\n

\u2014 Chris Vickery (@VickerySec) January 16, 2019<\/a><\/p><\/blockquote>\n<\/div>\n

The files belonged to the Oklahoma Securities Commission, the government agency that regulates all financial securities business in the state. Among them were FBI files dating back seven years, covering cases open since the 1980s.<\/p>\n

These documents included spreadsheets, interviews with witnesses, bank records, and emails and letters from agents, witnesses, and subjects. Major companies involved with these cases included AT&T, Goldman Sachs, and Lehman Brothers.<\/p>\n

Personal information on around ten thousand brokers was also exposed, including their social security numbers. Life insurance information, including names of AIDS patient and T cell counts was also revealed.<\/p>\n

\n

Read more<\/p>\n

<\/p>\n\"Over<\/source><\/source><\/picture>

<\/a>\n<\/div>\n

\u201cIt represents a compromise of the entire integrity of the Oklahoma department of securities\u2019 network,\u201d<\/em> UpGuard\u2019s head of research Chris Vickery told Forbes<\/a>. \u201cIt affects an entire state level agency\u2026 It\u2019s massively noteworthy.\u201d<\/em><\/p>\n

Hackers interested in the files could have acquired them with minimal effort. The server they were stored on was not password protected, and could have been identified with readily available software that scans the internet for such servers. Within the server, the UpGuard team found further vulnerabilities. Passwords for agency computers were stored there, and encrypted files were stored in the same folders as unencrypted versions.<\/p>\n

Once the breach was discovered, the data was transferred to a secure server. But, UpGuard cannot tell who may have accessed it in the interim. Vickery told Forbes that the commission\u2019s response was \u201cirresponsible,\u201d<\/em> as the OSC seemed uninterested in checking what had been done with the data.<\/p>\n

The Oklahoma Securities Commission is not the only government department to be caught with its pants down in recent years. A database of information on 191 million voters in all 50 states was left open to the public on an unconfigured server in 2015. In a similar case in 2011, the Texas Comptroller\u2019s Office admitted that it had inadvertently stored 3.5 million Texans\u2019 personal information on a publicly accessible state server.<\/p>\n

The corporate world is also rife with similar stories. Last April, data<\/a> from 48 million social media users was left in an unsecured Amazon server by LocalBlox, a data analytics company. In December, Level One Robotics, a company that provides robots for the auto industry, left data on an unsecure server. Auto giants Volkswagen, Chrysler, Ford, Toyota, General Motors and Tesla all had confidential data exposed in the leak<\/a>.<\/p>\n

Think your friends would be interested? Share this story!<\/em><\/strong><\/p>\n<\/div>\n