A massive data breach was discovered at the Oklahoma Securities Commission: an unsecured pathway left millions of files, containing decades' worth of confidential case file intelligence from the agency and sensitive FBI investigation source materials, open to theft by potential black hats.
“By the best available measures of the files’ contents and metadata, the data was generated over decades, with the oldest data originating in 1986 and the most recent modified in 2016,” read a report summary released today by California-based cybersecurity firm UpGuard.
"It represents a compromise of the entire integrity of the Oklahoma Department of Securities' network," Chris Vickery, who heads research at UpGuard, told Forbes, which was the first publication to report on the data breach. "It affects an entire state level agency... It's massively noteworthy."
The big data disclosure, released Wednesday and involving major corporations like AT&T, Goldman Sachs and Lehman Brothers, says that UpGuard's Data Breach Research team confirmed that a server for the Oklahoma department, tasked with keeping tabs on all financial securities business in the state, was “publicly accessible” on Nov. 30 of last year.
By Dec. 7, UpGuard analysts “identified the server’s potential for sensitive content” and informed the department the next day.
The Oklahoma Securities Commission moved to take down “public access” that day so as to prevent “any further downloads,” the cybersecurity firm’s report states.
Vickery told Forbes the FBI files contained seven years' worth of "all sorts of archive enforcement actions."
The FBI refused to engage when Forbes reached out.
"Adhering to Department of Justice policy, the FBI neither confirms nor denies any investigation," a spokesperson stated in an email.
The report found that the three terabytes' worth of vulnerable data at the fingertips of cyber pirates included spreadsheets “documenting the timeline for investigations by the FBI and people they interviewed” as well as training documents, emails and supporting files for Department of Securities investigations.
Most critical is the scale of intel dangling in the open.
“The amount, and reach, of administrative and staff credentials represents a significant impact to the Oklahoma Department of Securities’ network integrity,” the report on its findings reads.
Because of the discovery, the exposure of the wealth of prized intel to potential malicious sorts didn’t drag on for long.
“The good news is that, while the contents of the server extended over years, the known period of exposure was quite short,” the report reads.