A massive data leak has been discovered at the Oklahoma Securities Commission, in which millions of records -- including files related to sensitive FBI investigations over the last seven years, emails dating back 17 years and thousands of Social Security numbers -- have been exposed.
The breach was uncovered last month by Greg Pollock, a cybersecurity researcher at UpGuard, who claims the millions of files were publicly available on an online server and didn’t require any password to access them.
“It represents a compromise of the entire integrity of the Oklahoma Department of Securities’ network,” UpGuard’s Chris Vickery told Forbes, the first outlet that reported the breach. “It affects an entire state level agency. … It’s massively noteworthy.”
The Oklahoma agency is in charge of all financial securities business in the state and is tasked with regulation and enforcement of the business.
Vickery told Forbes that the exposed FBI files included “all sorts of archive enforcement actions” from the last seven years. The records also contained documents with agent-filled timelines of interviews related to investigations, bank transaction histories and emails from parties related to cases.
The FBI files also mentioned prominent companies and banks such as AT&T, Goldman Sachs and Lehman Brothers, but it appears that the companies are not linked to securities crimes and likely worked together with the FBI or were remotely linked to some cases.
The leak also contained emails that date back 17 years, Social Security numbers and other data stretching back to the 1980s, Forbes reported.
Vickery said the Oklahoma agency’s response to the data leak was “irresponsible” as it didn’t ask the researchers what happened to the data downloaded by the cybersecurity researcher.
The researchers also noted that the agency not only left sensitive data unprotected, but passwords for computers on the state government network were also uncovered, with Vickery calling them “not complicated,” according to the outlet.