- Joined
- Mar 3, 2018
- Messages
- 1,713
The UpGuard Data Breach Research team, who previously uncovered data breaches in U.S. voting systemsand an Experian partner, recently exposed a massive leak from Oklahoma's Department of Securities. The contents of the files "ran the gamut from personal information to system credentials to internal documentation and communications intended for the Oklahoma Securities Commission," but the sheer bulk of the 3TB of data is made up of Outlook backup archives dating back to at least 1999, while some data goes back to 1986. Among other things, the leak contained the social security numbers of "approximately ten thousand brokers." identifying information on over a hundred thousand brokers, sensitive medical data, credentials for various IT services, and files related to investigations and FBI interviews. While UpGuard's post wasn't particularly critical, Chris Vickery, head of research at UpGuard, told Forbes that the department's response was "irresponsible," as they "didn't check to see what was done with the mass of data downloaded by the researchers." UpGuard also found some glaring security oversights in the leaked data, such as decrypted versions of documents being stored in the same folder as encrypted versions.
Businesses and organizations naturally accumulate stores of data, both because of the value of that data and to comply with retention policies. Creating backups is a good practice to increase resilience in the face of attacks like ransomware. Backups are also necessary for migrations to ensure data can be recovered as businesses adopt newer and more secure technologies. But as this case highlights, the final crucial step is to maintain control over every copy of those data stores. The good news is that, while the contents of the server extended over years, the known period of exposure was quite short. Thanks to the Data Breach Research team's techniques for quickly identifying risks, the exposure was identified only one week after it showed up in Shodan's catalogue of global IP addresses. Shortening the window of exposure reduces the likelihood of other parties accessing the data and enables its owners to take responsive measures before the data is used maliciously.
Businesses and organizations naturally accumulate stores of data, both because of the value of that data and to comply with retention policies. Creating backups is a good practice to increase resilience in the face of attacks like ransomware. Backups are also necessary for migrations to ensure data can be recovered as businesses adopt newer and more secure technologies. But as this case highlights, the final crucial step is to maintain control over every copy of those data stores. The good news is that, while the contents of the server extended over years, the known period of exposure was quite short. Thanks to the Data Breach Research team's techniques for quickly identifying risks, the exposure was identified only one week after it showed up in Shodan's catalogue of global IP addresses. Shortening the window of exposure reduces the likelihood of other parties accessing the data and enables its owners to take responsive measures before the data is used maliciously.