back to article Sheriff's Department database leak puts snitches at risk

A Colorado sheriff's department mistakenly exposed a sensitive database that contained names, addresses and other details on about 200,000 people, including confidential drug informants. Thousands of pages of confidential information collected by the Mesa County Sheriff's Department were vulnerable from April until November 24 …

COMMENTS

This topic is closed for new posts.
  1. Semaj
    Grenade

    Shiiiiiiiiit

    String

  2. Lottie

    I see

    Sounds like "who can we blame... that guy who quit a while back"

    Like when any office screw up is blamed on "my predecessor" or the work experience kid.

  3. adnim

    As a sys admin

    I have transferred sensitive information to what I had been assured was a secure server. I wasn't so sure, the server was in another city and not one I had control over. Second guessing superiors in the work place is a precarious practice, but I have never been one for thinking that rules/laws are immutable. I conducted a password audit against the server I was to use. I couldn't believe that administrator password was... "admin".

    1. Anonymous Coward
      Anonymous Coward

      Very subtle!

      And was the User Name "password" ?

      1. adnim

        I was thinking

        of calling my next cat password. It's better than using "Tiddles" for my banking logon ;-)

        The "admin" password was on the local admin account, it hadn't been changed after the server build.

  4. Anonymous Coward
    Anonymous Coward

    Better money?

    "The employee who transferred the file no longer works for the sheriff's department"...

    ... he was offered a much better job by drug dealers.

    Does that mean that 200,000 people will be put on witness protection? They could always build a new city and send them all there, noone will know!

  5. bugalugs
    FAIL

    " The employee ........ no longer works for the sheriff's department."

    If this little snafu catches up with them, said employee may not be working anywhere else in IT either.

  6. dssf

    Wow. This could spawn a new leaks site:

    "WiCKED Leaks"

    I bet Mesa County i in a MESS. The DOJ and DEA probably are in a cataleptic fit, or are out taking some form of drug now just to be able to wake up sane over this horrible mistake.

    Didn't the sysadmin believe in post-work-check-ups? Actually, when databases of this type are moved around, the DEA, FBI, and DOJ should be checklist-partners to make sure the connections are secure. Not necessarily they would access the data itself (never know if one of their own is playing both sides), but just to verify as a sanity check that nothing was overlooked.

  7. Henry Wertz 1 Gold badge

    Well,

    at least they canned the person that made such a major mistake, instead of just whitewashing over it and pretending it wasn't a big deal.

    In all seriousness, though, if I were running a system where security was this important, and there were private and public networks, I think I would color code the jacks so I could not accidentally plug into the wrong network.

  8. nyelvmark
    Black Helicopters

    The employee who transferred the file no longer works for the sheriff's department.

    I hope they hunt him down and deal with him as they have Julian Assange - surely there are more Swedish ladies who could be persuaded to file complaints?

  9. James O'Shea

    No kidding

    "The employee who transferred the file no longer works for the sheriff's department."

    So he's not locked up for gross negligence, eh? Or was it that his name was added to the list on the insecure secure server and left there when the other stuff was moved?

    1. Tin Pot
      FAIL

      Inference

      That the employee is no longer working there is not necessarily a consequence of the data leakage.

      That the system was believed to be secure is not neccessarily an indictment on the employee no longer there.

  10. Winkypop Silver badge
    FAIL

    Mesa County Sheriff's Department

    I'm seeing Boss Hog as the Sheriff...

    1. Charles 9

      Wrong guy.

      You're thinking Rosco Coltrane (who, anyway, is in JD Hogg's pocket and is an in-law to boot).

      1. TimNevins
        Stop

        Almost

        That's Rosco P. (Purvis) Coltrane

        Dropping the P is a jailable offence.

  11. Cunningly Linguistic

    "A system administrator moved the database to what was believed to be a secure server"

    What we have here is a failure to communicate!

  12. Dog Faced Boy
    WTF?

    fail

    I can't believe that this data was accessible from April to November before someone caught on. Surely common sense dictates that any database containing sensitive data should be checked for integrity and security on a regular basis?

This topic is closed for new posts.

Other stories you might like