- FBI files were left exposed in a massive data breach stemming from the Oklahoma government, a cybersecurity firm says.
- The company, UpGuard, says it discovered in December that the Oklahoma Department of Securities left millions of files unprotected on a public server.
- UpGuard’s researchers called the Oklahoma department’s handling of the data breach “irresponsible.”
Millions of files pertaining to sensitive FBI investigations were left exposed on an unprotected internet server, cybersecurity researchers say.
The data breach stems from an Oklahoma state-level agency, which failed to properly protect three terabytes of “all sorts of archive enforcement actions,” Forbes reports. The millions of files contained information from FBI case files dating back to 2012, including interviews, witness statements, and bank transaction histories.
Additionally, the breach exposed email archives, thousands of social security numbers, and data all the way back to the 1980s, the cybersecurity company UpGuard wrote in a blog post.
UpGuard says it uncovered the breach back in December and notified the affected government agency, the Oklahoma securities department. The exposed data was stored on a state-agency server that wasn’t properly secured with a password, meaning the information on it was accessible for anyone to see and download.
Although the affected department did remove public access to the server in response, authorities failed to check whether exposed information had been downloaded or misused, UpGuard told Forbes.
“It represents a compromise of the entire integrity of the Oklahoma Department of Securities’ network,” UpGuard researcher Chris Vickery told Forbes. “It affects an entire state level agency … It’s massively noteworthy.”
The Oklahoma securities department told Forbes the matter was “under investigation,” but refused to comment any further.
In a statement to Forbes, the FBI said: “Adhering to Department of Justice policy, the FBI neither confirms nor denies any investigation.”