Oklahoma Government Leaks 3TB of Sensitive Data

Millions of sensitive files dating back decades have been exposed after 3TB of data on a storage server was left publicly exposed by the Oklahoma Securities Commission. Researchers at UpGuard made the discovery on December 7 last year and it was fixed a day later by the commission, part of the state’s Department of Securities which regulates and administers the trading securities sector. It was first registered as publicly accessible by Shodan a week earlier. “The data was exposed via an unsecured rsync service at an IP address registered to the Oklahoma Office of Management and Enterprise Services, allowing any user from any IP address to download all the files stored on the server,” explained the security vendor. “The website for the Securities Commission has an UpGuard Cyber Risk score of 171 out of 950, indicating severe risk of breach. Among the issues lowering the website’s score is the use of the web server IIS 6.0, which reached end of life in July 2015, meaning no updates to address any newly discovered vulnerabilities have been released in the last three and a half years.”