Millions of Gov Files Exposed by Open Server
Server was left open for at least a week and exposes
sensitive information including FBI investigations to
patient’s health related data.
Millions of government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing almost three terabytes of data containing millions of sensitive files. Files including credentials, internal docs and personal data stretching back decades.
The unsecured storage server, discovered by UpGuard Data Breach Research team. According to the report ”
The amount, and reach, of administrative and staff credentials represents a significant impact to the Oklahoma Department of Securities’ network integrity. “
Report further said that, “It is uncertain exactly how long this data store was configured for public access, but Shodan, a search engine for internet-facing IP addresses, first registered it being publicly accessible on November 30th, 2018. UpGuard analysts identified the server’s potential for sensitive content on December 7 and notified Oklahoma on December 8. Public access was removed that day, preventing any further downloads by the means used by the UpGuard analysts. “
UpGuard also shows some artifact as a proof of the exposure.
More details about the data exposure can be found here.
