A massive leak of unprotected data on a server belonging to the Oklahoma Securities Commission was discovered in December 2018.
Three terabytes of data were leaked, including evidence from hundreds of FBI investigations. Details in the material gone walkabout included financial transactions, emails relating to cases as well as letters from witnesses. Also included were email archives spanning 17 years, thousands of social security numbers, and passwords for remote access to agency computers.
The leak itself was discovered by a researcher from the cybersecurity firm UpGuard, who detected it in early December on the IoT-centric search engine Shodan. UpGuard also found that the unprotected server was at a “severe risk of breach,” and that it hadn’t been updated to address any newly discovered vulnerabilities in the previous three and a half years.
“The amount, and reach, of administrative and staff credentials represents a significant impact to the Oklahoma Department of Securities’ network integrity,” the company announced in a blog.
The FBI and the Oklahoma Securities Commission have both declined to comment.