Wednesday 23 September 2009

Why hack a database when the data is being given away!

Here at Secerno we spend all our time helping our customers protect databases to ensure that they keep their precious data safe. For an Internet Service Provider (ISP) like the U.K.’s Demon, precious data includes username and password information that their customers use to access services. Something certainly worth protecting!

Imagine my horror on learning that “Demon's director of customer service” has emailed 3,681 of their customers and attached the list of user details for those same 3,681 customers. This is not an attack to steal data – this is an appalling example of a data leak caused by “human error”.

In the paperless office empowered by an IT world, this sort of thing is so easy to do. Imagine “accidentally” stuffing printed client lists in a paper-based mail-out to customers in the good old days of paper systems. Unlikely. Let us wait and see if there is any legal action. The U.K. legal framework lacks the teeth to really bite.

Data security goes beyond defending against malicious attack – it must also defend against well-intentioned fools.