Exposed: Years of FBI Investigations Leaked via Unsecured Government Server

Data Exposure at Oklahoma Department of Securities

In a significant cybersecurity incident, a substantial dataset belonging to the Oklahoma Department of Securities (ODS) was left vulnerable on an unsecured storage server for a prolonged period, exposing approximately 3 terabytes of sensitive information. This breach, identified by Greg Pollock, a researcher at cybersecurity firm UpGuard, made confidential files from the Oklahoma Securities Commission and sensitive FBI investigations publicly accessible without any password protection.

The exposed data includes critical information, such as emails, Social Security numbers, names, and addresses of about 10,000 brokers, as well as remote access credentials for ODS workstations. Furthermore, the server contained communications intended for the Oklahoma Securities Commission and personal details linked to AIDS patients, revealing an alarming breadth of sensitivity in the compromised data.

While Pollock could not determine exactly how long the server had been exposed, the Shodan search engine showed it as publicly accessible since November 30, 2018, roughly one week before its discovery on December 7. The UpGuard research team promptly alerted the ODS, which moved quickly to cut off public access to the server. Whether anyone else accessed the exposed data during that window remains unknown.

UpGuard's researchers warned that an exposure of this kind could do serious damage to the integrity of the department's network. The data, according to their findings, spans several decades: the oldest records date back to 1986 and the most recent modifications were observed in 2016. That long history amplifies the potential harm.

The exposure originated from an unsecured rsync service registered to the Oklahoma Office of Management and Enterprise Services, which let anyone who knew the server's address download its contents without authentication. Alongside the sensitive files, UpGuard also found passwords for the state agency's workstations and a spreadsheet of login credentials for various internet services, including popular antivirus software.
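An added example, not code from the article or from the Oklahoma agencies: a small audit a defender could run against an rsyncd.conf to find modules exposed the way the article describes, i.e. modules with neither `auth users` nor `hosts allow`, which an rsync daemon serves anonymously to any client that can reach the port. The configuration text is constructed for the example; the real ODS configuration is not public.

```python
"""Audit an rsyncd.conf for modules served to anyone who can reach the port.
The config below is constructed for this example; the real ODS config is not public."""

SAMPLE_CONF = """\
list = yes

[records]
    path = /srv/records
    # neither 'auth users' nor 'hosts allow': anonymous, from anywhere

[backup]
    path = /srv/backup
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
"""

def parse_rsyncd(text: str) -> dict:
    """Parse rsyncd.conf into {section: {key: value}}; '' holds global parameters."""
    conf, section = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # rsyncd only treats whole lines as comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            conf[section][key.lower()] = value
    return conf

def exposed_modules(conf: dict) -> dict:
    """Return {module: [reasons]} for modules lacking auth or a source-address restriction."""
    findings = {}
    for name, params in conf.items():
        if not name:
            continue
        effective = {**conf[""], **params}  # module parameters in the global section act as defaults
        anonymous = "auth users" not in effective
        unrestricted = "hosts allow" not in effective
        if not (anonymous or unrestricted):
            continue
        reasons = []
        if anonymous:
            reasons.append("no 'auth users': clients connect anonymously")
        if unrestricted:
            reasons.append("no 'hosts allow': any source address is served")
        findings[name] = reasons
    return findings
```

Run against the sample, only `[records]` is reported; `[backup]` passes because it requires a named user and restricts source addresses.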

In light of this incident, the Oklahoma Securities Commission issued a press release acknowledging the “accidental vulnerability” and confirming that immediate actions were taken to secure the server. The agency is conducting a forensic investigation to assess the extent of the data exposure and is collaborating with law enforcement and the Oklahoma Office of Management and Enterprise Services.

The Commission is further exploring remedial measures for affected individuals and is committed to reviewing and revising internal security protocols to prevent such breaches in the future. The incident highlights pressing cybersecurity risks for governmental agencies and underlines the necessity for rigorous security oversight and practices.

In MITRE ATT&CK terms, the incident raises questions about initial access: an unauthenticated file service and leaked remote access credentials are exactly the footholds adversaries use to get into a network. That such footholds were sitting on an open server underlines the need for heightened vigilance in public sector agencies.

In conclusion, as the investigation unfolds, the long-term implications of this data breach serve as a critical reminder for organizations to reinforce their cybersecurity measures, ensuring that sensitive information is adequately protected against potential unauthorized access.
