Data leak embarrasses Colorado sheriff, terrifies informants

Found on Ars Technica on Monday, 13 December 2010

A database leak in Mesa County, Colorado has left the personal information of 200,000 people in jeopardy. And not just any 200,000 people - these are suspects, victims, and informants working with the sheriff's department to out other criminals.

According to the Associated Press, the employee had copied over the database in the form of a giant text file with everyone's information available in plaintext, assuming that the target server was secure.

Police, along with the FBI and Google (apparently thanks to Google's Web crawler, which indexed the data), are now working to figure out who could be in jeopardy thanks to the leak.

The target server may have been secure, but since Google's bot indexed the file it is pretty obvious that the employee parked the data in a web-accessible directory. Perhaps even with the totally unsuspicious and hard to guess filename "secret.sql". This leak was not a matter of security, but a clear lack of brain. One simply does not store unencrypted confidental data in an Internet-facing location.

Browse all articles« Previous « » Next »