Greg Pollock, a researcher at the cybersecurity firm UpGuard, recently discovered that the Oklahoma Securities Commission left three terabytes of sensitive data unsecured on a server, allowing anyone with an internet connection to access it.
Among the millions of files that were not password protected, Pollock discovered details on sensitive FBI investigations along with emails and bank transaction histories.
UpGuard’s Head of Research Chris Vickery provided further insight on the leak, saying:
“It represents a compromise of the entire integrity of the Oklahoma department of securities’ network. It affects an entire state level agency. … It’s massively noteworthy.”
Sensitive FBI data
According to Vickery, the FBI files stored on the Oklahoma Securities Commission’s server contain “all sorts of archive enforcement actions” dating back seven years.
The documents include spreadsheets with agents’ timelines of investigation interviews, emails from parties involved in cases, and histories of bank transactions. There were also copies of letters from subjects, witnesses and other parties involved in FBI investigations.
A number of major companies were also named in the FBI files, including AT&T, Goldman Sachs and Lehman Brothers.
To make matters worse, the leak also included email archives going back 17 years, thousands of Social Security numbers and data from the 1980s onwards.
UpGuard initially discovered the leak because the commission had mistakenly left an rsync server open; these servers are generally used to back up large amounts of data.