Security researchers have disclosed an open server at the Oklahoma Securities Commission that held a huge trove of data, including confidential government files and documents related to FBI investigations.
The Oklahoma Department of Securities (ODS) acknowledged the breach after Chris Vickery and Greg Pollock, security researchers at the Silicon Valley-based security firm UpGuard, reported how they discovered a wide-open server belonging to the agency.
“The data was exposed via an unsecured rsync service at an IP address registered to the Oklahoma Office of Management and Enterprise Services (OMES), allowing any user from any IP address to download all the files stored on the server,” says Pollock.
The researchers found three TB of data. The files include spreadsheets, life insurance information, names of AIDS patients, interviews with witnesses, Social Security numbers, bank records, and emails and letters from agents, witnesses, and subjects.
The companies badly affected by this breach are AT&T, Goldman Sachs, and Lehman Brothers.
“It represents a compromise of the entire integrity of the Oklahoma Department of Securities’ network,” UpGuard’s head of research Chris Vickery told Forbes. “It affects an entire state level agency… It’s massively noteworthy.”
Meanwhile, ODS has said that the open server was immediately secured after the exposure was discovered.
“A forensic team is currently conducting an analysis to determine the type and number of data files that may have been exposed and who may have accessed them,” the department added. “The ODS is also exploring remedial actions and notifications for anyone whose information may have been exposed.”