US state's securities dept leaves 1m files exposed

More than a million files belonging to the Department of Securities in the US state of Oklahoma were exposed to public view for an unknown period, the security firm UpGuard says. They were secured after the company notified the department on 8 December 2018.

A blog post said the files included personal information, system credentials, internal documentation and communications intended for the Oklahoma Securities Commission.

The server in question was running an ancient version of Microsoft's Internet Information Server — IIS 6.0 — that had reached its end-of-life in July 2015.

The unsecured data was found using Shodan, a search engine for Internet-facing IP addresses, which showed that the data had been publicly accessible at least from 30 November last year.

UpGuard said the metadata of the files showed that their dates ranged from 1986 to 2016. They were exposed through an unsecured rsync service at an IP registered to the Oklahoma Office of Management and Enterprise Services.

Among the information on the server was the following personal information:

  • One Microsoft Access database containing information on approximately 10,000 brokers, including their social security numbers.
  • A CSV with the partial name “IdentifyingInformation.csv” containing the date of birth, state of birth, country of birth, gender, height, weight, hair colour, and eye colour for over a hundred thousand brokers.
  • A database related to viators, a financial vehicle through which terminally ill patients can sell their life insurance benefits, contained information related to people with AIDS including patient names and T cell counts.

The following system credentials were also exposed:

  • VNC credentials for remote access to Oklahoma Department of Securities workstations.
  • A BlueExpress database of credentials for third parties submitting securities filings.
  • A spreadsheet of IT services with the usernames and passwords for accounts with Thawte, Symantec Protection Suite, Tivoli, and others.

The department closed off access to the server the same day it was notified.


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 
