Sensitive Files Exposed in Oklahoma Securities Commission Data Leak -- Security Today

Sensitive Files Exposed in Oklahoma Securities Commission Data Leak

Millions of sensitive files were discovered on an unprotected server belonging to a state level agency.

By Sydny Shepard
Jan 18, 2019

Millions of sensitive files—some regarding investigations by the FBI—were uncovered in an unprotected data leak at the Oklahoma Securities Commission in December.

Forbes reported that three terabytes of information was left on a server with no password, leaving it open to anyone with an internet connect. The leaked data included passwords, bank transactions, thousands of social security numbers and email archives stretching back nearly two decades.

"[The breach] represents a compromise of the entire integrity of the Oklahoma department of securities' network," Chris Vickery, head of research at UpGuard, which discovered the leak, told Forbes. "It affects an entire state level agency. ...It's massively noteworthy."

Vickery said the FBI files contained "all sorts of archive enforcement actions" dating back seven years. The documents included spreadsheets with agent-filled timelines of interviews related to investigations, emails from parties involved in various cases and bank transaction histories. There were also copies of letters from subjects, witnesses and other parties involved in FBI investigations.

Cybersecurity firm UpGuard discovered the leak and said they reported it to the Oklahoma Department of Securities. Forbes asked the FBI to comment on the leak of case files and a spokes person provided the following statement:

"Adhering to Department of Justice policy, the FBI neither confirms nor denies any investigation."

In a blog post about the data leak, UpGuard said that while there was years of information on the server, it was not accessible for long.

"The good news is that, while the contents of the server extended over years, the known period of exposure was quite short," UpGuard said. "Shortening the window of exposure reduces the likelihood of other parties accessing the data and enables its owners to take responsive measures before the data is used maliciously."

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Security Industry Association Announces the 2025 Security Megatrends

The Security Industry Association (SIA) has identified and forecasted the 2025 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both short- and long-term change in the global security industry. Read Now
- Cybersecurity
- Artificial Intelligence
Generative AI, Cybersecurity Among Top Risks for Healthcare Provider Organizations in 2025

Overseeing the use of generative artificial intelligence, enhancing cybersecurity and ensuring compliance with a host of federal healthcare regulations headline the Top Risks health systems face in 2025, according to an annual study by Kodiak Solutions. Read Now
- Hospital
Wisconsin Shooting Likely a 'Combination of Factors'

Following the deaths of a teacher and student at Abundant Life Christian School in, Madison, Wisc., police chief Shon Barnes indicated that the motive appears to be a “combination of factors” for a 15-year-old female student’s attack on a study hall. Read Now
- Active Shooter
- Incident Response
Louisville Muhammad Ali International Airport Transforms Operations Using Data Insights

Genetec Inc., provider of enterprise physical security software, recently announced that Louisville Muhammad Ali International Airport (SDF), a civil and military airport in Kentucky, USA is using Genetec Security Center to drive operational improvements to enhance efficiency and security while improving customer experience. Read Now
- Airport Security

Webinars

Building a Unified Approach to School Safety
The Center for Safe and Resilient Schools and Workplaces

Precovery in Action: Proactive Strategies to Promote School Safety and Mass Violence Prevention
Hanwha Vision (formerly Hanwha Techwin), NAPCO Security Technologies, Inc.

Getting Control of your Access

Whitepapers

Salient Systems

A Model for Community Security
Genetec

State of Physical Security 2025
Winsted Corporation

Sit/Stand Consoles: Helping Increase Productivity

New Products

PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3
HD2055 Modular Barricade

Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

Sensitive Files Exposed in Oklahoma Securities Commission Data Leak

CISA, NSA, FBI and International Partners Publish Guide for Protecting Communications Infrastructure

Fast-food Operator Enhances Safety and Cuts Security Costs with Interface Systems’ Virtual Guard

Eagle Eye Cabinets Extend Video Security to Remote and Hard-to-Wire Locations

ESX 2025 Registration Now Open

ASIS International Announces Officers and Directors for 2025 Global and Regional Governing Boards

ISS Welcomes New Director of Strategic Partnerships, Regional Sales Director

Security Industry Association Opens Call for Nominations for 2025 Women in Security Forum Power 100