Since November 30th, 2018, a storage server used by the Oklahoma Securities Commission was left open to the general public without password protection. Personal data, credentials for the system, and even FBI investigation details were included. The FBI data stems back seven years with information including interviews, email archives, transaction files, witness and subject letters, and social security numbers. “The scale of the data makes it impractical to perform any kind of exhaustive documentation of the exposed information, so researchers instead scrutinized the types of digital artifacts – stored emails and virtual machine disk images – and types of data they contained, including personal information, system credentials, and business data,” researchers added. The commission has since removed their server to prevent public access.
Analyst Notes
Since social security numbers were released, users should be vigilant against increased identity theft attempts. Users could also contact their credit card companies and banks to make sure that they are aware of the potential fraudulent activity that could e seen on their account.
