Oklahoma Breach Exposes Decades Old Records

In December of last year, the Oklahoma Securities Commission learned that millions of sensitive files were left publicly exposed on one of their storage servers. Covering a broad sweep of disparate areas, the problem was fixed a day later, but not before thousands of email backups and images were left unprotected. Some of these files were long forgotten, dating back to 1986, and included highly sensitive life insurance information on terminally ill AIDS patients, FBI investigation and interview files, and 10,000 Social Security numbers.

Any user from any IP address could download all the files stored on the server through a door left wide open via an unsecured sync service at an IP address registered to the Oklahoma Office of Management and Enterprise Services. This is the easy pickings hackers troll for, using tools that allow them to specifically find vulnerable devices connected to the internet. It’s like leaving the front door of your house open with a sign that says, “No one home, come on in.”

Even with the door wide open, the department could have prevented this legacy data, as well as new data, from being exposed using Spirion rapid data discovery and accurate classification.

Spirion’s easy-to-use, wizard-driven interface automatically remediates and manages the sensitive data stored on networks and in the cloud — even the data that has long been forgotten about. With industry-leading AnyFind technology, organizations can stop leaks at their source, encrypting, shredding, redacting, or securing sensitive data in a quarantined location.

Learn more about how sensitive data protection solutions.