Late last year the Oklahoma Department of Securities (ODS) failed to secure 3 terabytes of data, including confidential case data and sensitive FBI investigations. The server was open to public access for approximately one week before a security researcher notified the department and the server was secured.
The data contained social security numbers, names and addresses of 10,000 brokers, credentials to remotely access ODS workstations, departmental internal communications, and identifiable information about AIDS patients. The data was dated between 1986 and 2016.
In response to the incident, the Oklahoma Securities Commission advised that “The Oklahoma Department of Securities (ODS) has initiated a comprehensive review of the circumstances surrounding an incident involving the inadvertent exposure of information during installation of a firewall. A forensic team is currently conducting an analysis to determine the type and number of data files that may have been exposed and who may have accessed them.”
Even the most security-conscious organisations responsible for cyber-safety can overlook data security, which highlights the need to monitor your organisation’s internet-facing devices.
Agilient has experienced cybersecurity auditors and consultants who can assist in setting up and reviewing your internet monitoring services.
Author: David Steele, Agilient Cyber Security Consultant