Oklahoma Department of Corrections leaks personal data from website

Thousands of residents of the US state of Oklahoma have found that their personal details have been freely available on the web for three years.

The data includes their names, social security numbers and other personal information.

The source of the leak is Oklahoma's Department of Corrections website.

Anyone with a basic knowledge of SQL programming could interpret the URL and other data returned by Oklahoma's Department of Corrections (DoC) website.

By amending the long URLs returned by the site, a hacker could retrieve tens of thousands of social security numbers and allied data.

Fredrick Lee, a software security researcher at Fortify Software, said the origin of the problem was poor coding on the state's DoC website.

"This is a classic SQL injection vulnerability," he said, adding that the security lapse could easily have been caught with a simple code review.

According to Lee, had some form of automated analysis been used on the site, the incident could have been avoided.

"The sad thing is that vulnerabilities like these indicate to attackers that other related applications and organisations are probably vulnerable as well," he said.
