Demon splurges details of 3, 600 customers in billing email

[security curmudgeon <jericho () attrition org>]

http://www.theregister.co.uk/2009/09/23/demon_password_giveaway/

Demon splurges details of 3,600 customers in billing email
Passwords too

By John Oates
Posted in Enterprise Security, 23rd September 2009 10:30 GMT

Demon Internet sent thousands of business and government subscribers an 
email this morning telling them all about a new e-billing system, and 
tacked on details, including passwords, for 3,600 customers.

The email - supposedly from Simon Blackburn Demon's director of customer 
service - has been sent to customers opting for e-billing. It includes a 
guide to the new service along with user names and passwords.

But the email also has a .csv attachment with 3,681 customer records on 
it. Entries include names, emails, telephone numbers and what looks very 
like a user name and password.

There are records for New Scotland Yard and other police forces, Alder Hey 
Children's Hospital and local councils.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php