Sensitive Files Exposed in Oklahoma Securities Commission Data Leak -- Security Today

Sensitive Files Exposed in Oklahoma Securities Commission Data Leak

Millions of sensitive files were discovered on an unprotected server belonging to a state level agency.

By Sydny Shepard
Jan 18, 2019

Millions of sensitive files—some regarding investigations by the FBI—were uncovered in an unprotected data leak at the Oklahoma Securities Commission in December.

Forbes reported that three terabytes of information was left on a server with no password, leaving it open to anyone with an internet connect. The leaked data included passwords, bank transactions, thousands of social security numbers and email archives stretching back nearly two decades.

"[The breach] represents a compromise of the entire integrity of the Oklahoma department of securities' network," Chris Vickery, head of research at UpGuard, which discovered the leak, told Forbes. "It affects an entire state level agency. ...It's massively noteworthy."

Vickery said the FBI files contained "all sorts of archive enforcement actions" dating back seven years. The documents included spreadsheets with agent-filled timelines of interviews related to investigations, emails from parties involved in various cases and bank transaction histories. There were also copies of letters from subjects, witnesses and other parties involved in FBI investigations.

Cybersecurity firm UpGuard discovered the leak and said they reported it to the Oklahoma Department of Securities. Forbes asked the FBI to comment on the leak of case files and a spokes person provided the following statement:

"Adhering to Department of Justice policy, the FBI neither confirms nor denies any investigation."

In a blog post about the data leak, UpGuard said that while there was years of information on the server, it was not accessible for long.

"The good news is that, while the contents of the server extended over years, the known period of exposure was quite short," UpGuard said. "Shortening the window of exposure reduces the likelihood of other parties accessing the data and enables its owners to take responsive measures before the data is used maliciously."

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Live from GSX 2024: Post-Show Recap

Another great edition of GSX is in the books! We’d like to thank our great partners for this years event, NAPCO, LVT, Eagle Eye Networks and Hirsch, for working with us and allowing us to highlight some of the great solutions the companies were showcasing during the crowded show. Read Now
- Industry Events
- GSX
Research: Cybersecurity Success Hinges on Full Organizational Support

Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now
- Cybersecurity
Live from GSX 2024: Day 3 Recap

And GSX 2024 in Orlando, is officially in the books! I’d like to extend a hearty congratulations and a sincere thank-you to our partners in this year’s Live From program—NAPCO, Eagle Eye Networks, Hirsch, and LVT. Even though the show’s over, keep an eye on our GSX 2024 Live landing page for continued news and developments related to this year’s vast array of exhibitors and products. And if you’d like to learn more about our Live From program, please drop us a line—we’d love to work with you in Las Vegas at ISC West 2025. Read Now
- Industry Events
- GSX
Bringing New Goods to Market

The 2024 version of GSX brought with it a race to outrun incoming hurricane Helene. With it’s eye on Orlando, it seems to have shifted and those security professionals still in Orlando now have a fighting chance to get out town. Read Now
- Industry Events
- GSX

Webinars

Push-to-Talk over Cellular – The NEXT Revolution
Napco Access Pro, Eagle Eye Networks Inc, Occupational Health & Safety, Security Today

The Security and Safety Summit
Salient Systems, Hanwha Vision (formerly Hanwha Techwin), Omnilert, Eagle Eye Networks Inc, HID Global, i-PRO Americas Inc., Arcules, Napco Access Pro

Before And After The School Bell Rings: K-12 Life Safety is 24-7-365

Whitepapers

Securitas Technology

Optimizing Security and Business Performance
American Funding Solutions

Securing Cash Flow: How Invoice Factoring Helps Security Companies Grow
Arcules

Physical security shift happens

New Products

Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3
Connect ONE®

Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

Sensitive Files Exposed in Oklahoma Securities Commission Data Leak

16,000 Registrants from 86 Nations Participate in GSX 2024

IDIS Americas Releases AI-Powered, License-Free VMS

Biden Administration Proposes Ban on Chinese Vehicles and Russian Tech for Autonomous Vehicles on U.S. Roads

Security Industry Association Announces New Advisory Board for SIA Veterans in Security Community

Genetec Introduces New Collaborative Intelligence Feature for AutoVu Cloudrunner

PureTech Systems Awarded Major Contract to Provide AI Technology to Help Secure Critical Infrastructure Waterway

Hanwha Vision Showcases AI Powered, Cloud Connected Solutions at GSX