back to article Sheriff's Department database leak puts snitches at risk

A Colorado sheriff's department mistakenly exposed a sensitive database that contained names, addresses and other details on about 200,000 people, including confidential drug informants. Thousands of pages of confidential information collected by the Mesa County Sheriff's Department were vulnerable from April until November 24, …

COMMENTS

This topic is closed for new posts.
Grenade

Shiiiiiiiiit

String

0
0

I see

Sounds like "who can we blame... that guy who quit a while back"

Like when any office screw up is blamed on "my predecessor" or the work experience kid.

4
0
Silver badge

As a sys admin

I have transferred sensitive information to what I had been assured was a secure server. I wasn't so sure, the server was in another city and not one I had control over. Second guessing superiors in the work place is a precarious practice, but I have never been one for thinking that rules/laws are immutable. I conducted a password audit against the server I was to use. I couldn't believe that administrator password was... "admin".

1
0
Anonymous Coward

Very subtle!

And was the User Name "password" ?

1
0
Silver badge

I was thinking

of calling my next cat password. It's better than using "Tiddles" for my banking logon ;-)

The "admin" password was on the local admin account, it hadn't been changed after the server build.

1
0
Anonymous Coward

Better money?

"The employee who transferred the file no longer works for the sheriff's department"...

... he was offered a much better job by drug dealers.

Does that mean that 200,000 people will be put on witness protection? They could always build a new city and send them all there, noone will know!

0
0
FAIL

" The employee ........ no longer works for the sheriff's department."

If this little snafu catches up with them, said employee may not be working anywhere else in IT either.

0
0
Bronze badge

Wow. This could spawn a new leaks site:

"WiCKED Leaks"

I bet Mesa County i in a MESS. The DOJ and DEA probably are in a cataleptic fit, or are out taking some form of drug now just to be able to wake up sane over this horrible mistake.

Didn't the sysadmin believe in post-work-check-ups? Actually, when databases of this type are moved around, the DEA, FBI, and DOJ should be checklist-partners to make sure the connections are secure. Not necessarily they would access the data itself (never know if one of their own is playing both sides), but just to verify as a sanity check that nothing was overlooked.

0
0
Gold badge

Well,

at least they canned the person that made such a major mistake, instead of just whitewashing over it and pretending it wasn't a big deal.

In all seriousness, though, if I were running a system where security was this important, and there were private and public networks, I think I would color code the jacks so I could not accidentally plug into the wrong network.

0
0
Black Helicopters

The employee who transferred the file no longer works for the sheriff's department.

I hope they hunt him down and deal with him as they have Julian Assange - surely there are more Swedish ladies who could be persuaded to file complaints?

3
0
Bronze badge

No kidding

"The employee who transferred the file no longer works for the sheriff's department."

So he's not locked up for gross negligence, eh? Or was it that his name was added to the list on the insecure secure server and left there when the other stuff was moved?

0
0
FAIL

Inference

That the employee is no longer working there is not necessarily a consequence of the data leakage.

That the system was believed to be secure is not neccessarily an indictment on the employee no longer there.

0
0
Silver badge
FAIL

Mesa County Sheriff's Department

I'm seeing Boss Hog as the Sheriff...

2
1
Silver badge

Wrong guy.

You're thinking Rosco Coltrane (who, anyway, is in JD Hogg's pocket and is an in-law to boot).

2
0
Stop

Almost

That's Rosco P. (Purvis) Coltrane

Dropping the P is a jailable offence.

2
0

"A system administrator moved the database to what was believed to be a secure server"

What we have here is a failure to communicate!

1
0
WTF?

fail

I can't believe that this data was accessible from April to November before someone caught on. Surely common sense dictates that any database containing sensitive data should be checked for integrity and security on a regular basis?

0
0
This topic is closed for new posts.

Forums