
A massive cache of law enforcement personnel data has leaked - LinuxBender
https://www.zdnet.com/article/a-massive-cache-of-law-enforcement-personnel-data-has-leaked/
======
abhiminator
>The database dates back to April 2017 and was uploaded a year later to a web
server, believed to be owned by the organization, with no password protection.

A hallmark of negligence right there. Hard to grasp why the protocols weren't
followed in this specific instance by Texas State University (which was
hosting the database) given the extreme sensitivity of the information content
and adverse fallout that could result -- public exposure of personally
identifiable information of thousands of law enforcement personnel across the
country.

A perfect example of what happens when data security and integrity protocols
are taken for granted.

~~~
a3n
> Hard to grasp why the protocols weren't followed in this specific instance

My ignorant guess, someone who could have made an active decision instead
vaguely thought "we're not that interesting, who would even know we exist, it
would take time and money to learn how or find someone who knows ...
squirrel!"

~~~
abhiminator
Relying solely on security by obscurity is an extremely sub-optimal method of
guarding sensitive data. It's better to be safe than sorry in every instance
when it comes to private information imo.

------
fosco
It would be interesting if someone created a "Have I Been Pwned" service for
these types of leaks, does anyone know if one exists?

~~~
jgroszko
Between Equifax and today Exactis both leaking 300M+ records it's not really a
question of if, but rather how many times have I been pwned...

~~~
Bartweiss
As of now, there are 3 major data leak stories on the HN front page _at the
same time_.

Passwords can at least be changed, but data leaks are basically entropic;
there's no way to reverse the damage. I don't want to stop holding leak
sources accountable for what they lose, but from a personal viewpoint I'm now
more interested in mitigation than prevention...

~~~
rhizome
_I don't want to stop holding leak sources accountable for what they lose_

Where is this happening? I'm not aware of any company being prosecuted (or
even penalized in any significant way) for releasing data.

~~~
Bartweiss
I meant socially, as a tech community - I'm wondering how to strike a balance
between "realistically, your information _will_ get leaked, plan accordingly"
and "but that doesn't make it okay".

Legally, or even on a consumer level, I don't see any kind of meaningful
consequence. And the rate of data loss probably won't go down until that
changes.

------
azertyxxx
I wouldn't call it a leak, as the data is nowhere to be found.

------
snomad
Having received 10s of millions on grants since 2002...

------
joering2
Site is experiencing choke of HN frontpage I think.

Feels like this is serious crime. If caught, any idea what would be penalty
for such abuse? 20 years Feds club?

~~~
dsfyu404ed
>Feels like this is serious crime. If caught, any idea what would be penalty
for such abuse? 20 years Feds club?

I don't know why you're getting down-voted. Crimes that in even the most
trivial way victimize cops get prosecuted super aggressively.

