There’s a bit of an unusual development to an incident that was first reported on DataBreaches.net. As reported previously, The leak of data on AWS from Systema Software impacted numerous individuals who filed insurance claims – primarily in California, Kansas, and Utah. In addition to personal and financial information, the leak also exposed proprietary information such as legal defense strategies.
The researcher who discovered the leaky bucket was identified as “TE” in DataBreaches.net’s original report, but has since gone public with his real name, Chris Vickery. Chris, a Texas resident, informs DataBreaches.net that in the process of notifying agencies and entities of the leaking data, he had also notified the Texas Attorney General’s Office.
And that’s where the story takes an unusual turn, because that office subsequently hit Chris with a Civil Investigative Demand that he turn over the external hard drive to which he had downloaded the data.
See the CID. Page 1 and Exhibit A.
What they plan to do with it is unknown to this site and while it may offer Systema and its clients some measure of safety that the data are now in a state’s hands, I hope this doesn’t interfere with any regulator investigations into the incident.
So far, I still haven’t seen any public notifications from any of the affected entities or from Systema Software, but DataBreaches.net will continue to follow developments in this incident.