BreachExchange mailing list archives
Tax website shut down as memory stick with secret personal data of 12million is found in a pub car park
From: security curmudgeon <jericho () attrition org>
Date: Wed, 11 Mar 2009 21:56:50 +0000 (UTC)
[This title is very misleading. From what I read, the source code to a web site was found on the drive, not details of 12 million. If a bad person got ahold of this information, they could then access the web site and the 12 million records. While the memory stick was 'handed in', there aren't enough solid details to indicate how long the stick was gone, if contents were copied, and who turned it in. - jericho] http://www.dailymail.co.uk/news/article-1082402/Tax-website-shut-memory-stick-secret-personal-data-12million-pub-car-park.html Tax website shut down as memory stick with secret personal data of 12million is found in a pub car park By Daniel Boffey Last updated at 3:05 PM on 02nd November 2008 Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets. [..] The Department for Work and Pensions insisted that the system's security has not been breached, but a computer expert told The Mail on Sunday that in the wrong hands the data on the memory stick could enable hackers to access personal details of the 12million people who have registered on the system, including their passwords. [..] Another article: http://www.scmagazineuk.com/Lost-USB-stick-contained-complete-source-code-for-gateway/article/120283/ Jacques Erasmus, director of malware research at Prevx, claimed that the 4GB stick was almost full and the data was not encrypted. Studying it at the offices of the Mail on Sunday, whom the stick was handed into after being found in a car park, Erasmus claimed that the government were not taking the contents and loss seriously. [..] The most shocking thing was that the source code for the gateway was on there, this included code for the website, service commands and modules. So any hacker could get the source code as it was not secured and exploit the service. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- Tax website shut down as memory stick with secret personal data of 12million is found in a pub car park security curmudgeon (Mar 11)