Coming in second place was the Pentagon (you know, the government organization charged with defending the country), up from No. 4 in 2017. A Government Accountability Office (GAO) audit found, among other things, that some weapons systems had software protected with default passwords that could be found via a Google search.
Cryptocurrency owners, Nutella and U.K. law firms round out the top five, respectively. The list also includes the state of Texas, at No. 6, for storing sensitive voter information on a server with no password protection. Information such as addresses and voting history for 77 percent of registered voters was potentially exposed.