BreachExchange mailing list archives
it wasn't just e-mailed data for the SAIC breach...
From: security curmudgeon <jericho () attrition org>
Date: Fri, 20 Jul 2007 23:53:22 +0000 (UTC)
http://www.saic.com/response/qa.html

[..]

The information was for work being done in connection with TRICARE, the health benefits program for the uniformed services, retirees and their families. The server was not behind a firewall and did not contain adequate password protections, which is in violation of SAIC policy. SAIC stopped using this server when security concerns were raised.

[..]

---

So the information was on an FTP server, not protected by firewall, and had inadequate passwords. Combine with that the fact they notified 580,000 people and this doesn't sound like the information "may" have been compromised...

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 214 million compromised records in 730 incidents over 7 years.