7 years of FBI Investigation Data leaked on Unprotected Oklahoma Server

2019, Breaches, January

Who: Oklahoma Securities Commission

What was affected: The FBI files contained “all sorts of archive enforcement actions” dating back seven years (the earliest file creation date was 2012). The documents included spreadsheets with agent-filled timelines of interviews related to investigations, emails from parties involved in multiple cases and bank transaction histories. There were also copies of letters from subjects, witnesses and other parties involved in FBI investigations. Major companies were also named in the leaked FBI file including AT&T, Goldman Sachs, and Lehman Brothers, among many others.

When it happened: December 2018 How it happened: Last December, a whopping 3 terabytes of unprotected data from the Oklahoma Securities Commission was uncovered by Greg Pollock, a researcher with cybersecurity firm UpGuard. It amounted to millions of files, many on sensitive FBI investigations, all of which were left wide open on a server with no password, accessible to anyone with an internet connection

Outcome: This matter is under investigation, and the department has no further comment at this time. Having been informed of the exposure in mid-December, the commission swiftly removed the server from the public internet.