View Full Version : Oklahoma Leaks Social Security Numbers on Sex Offender Registry



OKCCrime
04-16-2008, 03:57 PM
A SQL faux pas for the state.
Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data - The Daily WTF (http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx)

Martin
04-16-2008, 04:38 PM
after reading the article, let me just say that the method of coding the searches was way past 'faux pas' territory and was downright stupid on the part of the 'programmer' involved. if this person is a state employee, i sincerely hope they are no longer gainfully employed.

-M

OKCCrime
04-16-2008, 05:00 PM
after reading the article, let me just say that the method of coding the searches was way past 'faux pas' territory and was downright stupid on the part of the 'programmer' involved. if this person is a state employee, i sincerely hope they are no longer gainfully employed.

-M

Agreed. Apparently the work was contracted out a long time ago to a company that no longer exists.However, if you read the state review of the DOC IT department from some time ago that one of the article commenters points out, DOC knew about serious problems with the system and didn't do anything to correct it.

Oh GAWD the Smell!
04-16-2008, 08:53 PM
Well if there's anybody's identity that I'd want to be stealing....

OKCCrime
04-16-2008, 09:42 PM
Well if there's anybody's identity that I'd want to be stealing....

Yeah I know what you mean, but there are vigilantes out there that would give anything to get their hands on this information.

Martin
04-17-2008, 05:34 AM
the worst of it is that any person with a smidge of sql knowledge could add that co-worker he didn't like or delete himself.

-M

OKCCrime
04-17-2008, 07:51 AM
the worst of it is that any person with a smidge of sql knowledge could add that co-worker he didn't like or delete himself.

-M

Seems like anyone who was added to the list could make a pretty good case for public slander. That would be a very costly joke / revenge attack.

I noticed that this incident is already listed on wikipedia under SQL injection (http://en.wikipedia.org/wiki/SQL_injection) --- Oklahoma's little claim to infamy.

OKCCrime
04-18-2008, 10:11 PM
Looks like the DOC IT dept wants to clear the air...moderately interesting

WTF Comment 190574 (http://thedailywtf.com/Comments/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx?pg=5#190574)