Shiiiiiiiiit
String
A Colorado sheriff's department mistakenly exposed a sensitive database that contained names, addresses and other details on about 200,000 people, including confidential drug informants. Thousands of pages of confidential information collected by the Mesa County Sheriff's Department were vulnerable from April until November 24 …
I have transferred sensitive information to what I had been assured was a secure server. I wasn't so sure, the server was in another city and not one I had control over. Second guessing superiors in the work place is a precarious practice, but I have never been one for thinking that rules/laws are immutable. I conducted a password audit against the server I was to use. I couldn't believe that administrator password was... "admin".
"The employee who transferred the file no longer works for the sheriff's department"...
... he was offered a much better job by drug dealers.
Does that mean that 200,000 people will be put on witness protection? They could always build a new city and send them all there, noone will know!
"WiCKED Leaks"
I bet Mesa County i in a MESS. The DOJ and DEA probably are in a cataleptic fit, or are out taking some form of drug now just to be able to wake up sane over this horrible mistake.
Didn't the sysadmin believe in post-work-check-ups? Actually, when databases of this type are moved around, the DEA, FBI, and DOJ should be checklist-partners to make sure the connections are secure. Not necessarily they would access the data itself (never know if one of their own is playing both sides), but just to verify as a sanity check that nothing was overlooked.
at least they canned the person that made such a major mistake, instead of just whitewashing over it and pretending it wasn't a big deal.
In all seriousness, though, if I were running a system where security was this important, and there were private and public networks, I think I would color code the jacks so I could not accidentally plug into the wrong network.