Data breaches and information leaks seem to happen on a daily basis. And your friends here at komando.com are constantly updating you about the latest cybersecurity incidents that may have compromised your data.
Alarmingly, hackers aren't always to blame for exposing our sensitive personal information. As proven in the past quite too often, companies and government agencies that fail to secure their websites and databases properly could be leaking your information in the open, too!
Read on and learn which government agency has leaked our sensitive data yet again.
Oklahoma Securities Commission Breach
Another massive data leak has been discovered, and this time, it exposed millions of records from the Oklahoma Securities Commission, including confidential files linked to FBI investigations from the last seven years, 17 years worth of email archives and thousands of Social Security numbers.
The breach was spotted last month by Greg Pollock, a researcher from cybersecurity specialist UpGuard, while scanning the web with Shodan. Similar to other database exposures of this type, the files were publicly available for anyone to view and they were not protected by any password.
Fun fact: Shodan is a free search engine tool used for tracking exposed ports, databases and vulnerable web-connected appliances.
Exposed data included sensitive FBI files
How critical is this information? Well, the Oklahoma Securities Commission handles all trading securities business for the state and ensures that companies are following the regulations that protect their customers from fraud.
Because of these responsibilities, the exposed data included FBI files which contained documents filled with timelines of interviews related to prior investigations, bank transaction histories and email records from entities related to cases.
The FBI documents also had mentions of large companies including AT&T, Goldman Sachs and Lehman Brothers. However, these companies were not linked to any security crimes but they likely worked with the FBI in some of the investigations.
The massive leak also included email archives that span 17 years, Social Security numbers and even data that dates back to the 1980s.
Poor security practices
Another alarming discovery is the poor security practices employed within the state government network itself.
According to the researchers, not only was the sensitive data left exposed without protection, the passwords for the computers on the Oklahoma government network were also revealed including passwords for remote access.
This is yet another reminder that although we take precautionary steps in our lives every day to stay protected from digital threats, large corporations and government agencies that handle massive caches of our personal information can still be oblivious about cybersecurity. Not a comforting thought, huh?
What to do after a data breach?
Exposed databases are nothing new and they seem to occur on a regular basis. Needless to say, if the information gets into the hands of scammers, it could lead to all kinds of malicious activity, including phishing scams. To protect yourself from the inevitable fallout, here are some suggestions:
Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
Close unused accounts - Here's an easy way to manage all of your online accounts at once.
Beware of phishing scams - Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
Keep an eye on your bank accounts - You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
Podcast: This data breach will go down as one of the biggest in history
Have any of your online account credentials ever been stolen in a data breach? Since breaches are so common nowadays, there's a great chance they have, whether you know about it or not. That's why it's critical to know when a massive data breach happens, so you can take action. In this podcast, Kim talks about a data breach impacting hundreds of millions of email addresses, and yours could be one of them.