Sensitive details of police operations posted on City of West Palm Beach’s site in redaction #FAIL
In researching a current story about Palm Beach County law enforcement personnel’s details being exposed/dumped, I stumbled across a breach from last year that hadn’t shown up in my usual news searches. So better late than never, here it is.
On September 13, 2015, Jose Lambiet reported:
For three long hours Friday morning, thousands of pages detailing secret law enforcement plans to take down local drug and gambling gangs — including the names of confidential informants and undercover agents — were published on the city of West Palm Beach’s official website, Gossip Extra has learned exclusively.
Obviously, it was by mistake — but it took frantic calls from police and even the federal Drug Enforcement Administration to get the documents off the website that city officials use to communicate with residents.
Over the weekend, Palm Beach County Sheriff’s officials and West Palm Beach Police higher-ups were scrambling to find their confidential informants to warn them of the potentially-deadly security breach.
It seems 2,000 emails (8,000 pages) had been intentionally made publicly available on the city’s website, wpb.org, in response to a request from a television station, but the individual responsible for responding to the request had failed to redact the files for sensitive information.
Why is this important now? Well, police and judges in south Florida have had their information exposed online again, but this time, the data were allegedly hacked and dumped by one or more individuals in Russia, allegedly acting in retaliation over the Palm Beach County Sheriff’s Office treatment of a former deputy.
And that is a story in and of itself… one that DataBreaches.net is working on for future publication. For now, I think it’s reasonable to ask whether law enforcement in south Florida is deploying adequate infosecurity defenses and incident response.