Researchers have disclosed a huge leak of government data stemming from the Oklahoma Securities Commission. As discovered by UpGuard researcher Greg Pollock, 3 TB of data was exposed, including millions of files, many of which pertained to FBI investigations.
The data was exposed on a server sans password protection, meaning anyone with an Internet connection may have had access. Chris Vickery, head of research for UpGuard, reported to Forbes the FBI data had seven years' worth of archive enforcement actions. Files included FBI interviews, emails among people involved with investigations, and letters from witnesses. They named companies involved with investigations, such as AT&T and Goldman Sachs.
Vickery, who calls the incident "massively noteworthy," says the commission had a poor response. Nobody looked into what was done with the trove of data downloaded by the researchers, he says. A spokesperson said the issue was being investigated; when the commission was alerted to the incident in December, it took the server off the public Internet.
Further, when Vickery and Pollock shared the breach, they told the agency it had exposed an rsync server, which holds large data stores and must be password-protected. This was one of several poor security practices the commission showed, in addition to weak passwords on government machines.
Read more details here.