A Colorado sheriff's department mistakenly exposed a sensitive database that contained names, addresses and other details on about 200,000 people, including confidential drug informants. Thousands of pages of confidential information collected by the Mesa County Sheriff's Department were vulnerable from April until November 24, …
Sounds like "who can we blame... that guy who quit a while back"
Like when any office screw up is blamed on "my predecessor" or the work experience kid.
I have transferred sensitive information to what I had been assured was a secure server. I wasn't so sure, the server was in another city and not one I had control over. Second guessing superiors in the work place is a precarious practice, but I have never been one for thinking that rules/laws are immutable. I conducted a password audit against the server I was to use. I couldn't believe that administrator password was... "admin".
And was the User Name "password" ?
of calling my next cat password. It's better than using "Tiddles" for my banking logon ;-)
The "admin" password was on the local admin account, it hadn't been changed after the server build.
"The employee who transferred the file no longer works for the sheriff's department"...
... he was offered a much better job by drug dealers.
Does that mean that 200,000 people will be put on witness protection? They could always build a new city and send them all there, no one will know!
If this little snafu catches up with them, said employee may not be working anywhere else in IT either.
I bet Mesa County is in a MESS. The DOJ and DEA probably are in a cataleptic fit, or are out taking some form of drug now just to be able to wake up sane over this horrible mistake.
Didn't the sysadmin believe in post-work-check-ups? Actually, when databases of this type are moved around, the DEA, FBI, and DOJ should be checklist-partners to make sure the connections are secure. Not necessarily they would access the data itself (never know if one of their own is playing both sides), but just to verify as a sanity check that nothing was overlooked.
At least they canned the person that made such a major mistake, instead of just whitewashing over it and pretending it wasn't a big deal.
In all seriousness, though, if I were running a system where security was this important, and there were private and public networks, I think I would color code the jacks so I could not accidentally plug into the wrong network.
I hope they hunt him down and deal with him as they have Julian Assange - surely there are more Swedish ladies who could be persuaded to file complaints?
"The employee who transferred the file no longer works for the sheriff's department."
So he's not locked up for gross negligence, eh? Or was it that his name was added to the list on the insecure secure server and left there when the other stuff was moved?
That the employee is no longer working there is not necessarily a consequence of the data leakage.
That the system was believed to be secure is not necessarily an indictment on the employee no longer there.
I'm seeing Boss Hog as the Sheriff...
You're thinking Rosco Coltrane (who, anyway, is in JD Hogg's pocket and is an in-law to boot).
That's Rosco P. (Purvis) Coltrane
Dropping the P is a jailable offence.
What we have here is a failure to communicate!
I can't believe that this data was accessible from April to November before someone caught on. Surely common sense dictates that any database containing sensitive data should be checked for integrity and security on a regular basis?