funsec mailing list archives
"As soon as we heard about the attorneys, we... fixed it"
From: The Security Community <thesecuritycommunity () gmail com>
Date: Fri, 25 Jun 2010 23:31:46 -0400
I love that line! http://www.esecurityplanet.com/news/article.php/3889951/Anthem-Blue-Cross-Cops-to-Massive-Data-Breach.htm A sloppy website upgrade is being blamed this week for a data breach that left the most sensitive personal information of more than 230,000 Anthem Blue Cross members exposed for more than five months. Anthem officials said its corporate website had been revamped in October by a third-party vendor that, according to the health insurer, failed to secure sections of the site to ensure visitors couldn't access members' medical records and Social Security numbers. "We were told by a third-party vendor that all security measures were in place," Cynthia Sanders, an Anthem spokeswoman, said in a statement. As it turns out, visitors were able to access the personal information of the more than 230,000 people who had pending insurance applications in the Anthem system. But it wasn't until attorneys filed a class action suit on behalf of the violated members that Anthem became aware of the data breach. A subsequent internal investigation revealed that at least one affected member and his or her attorneys managed to infiltrate the website repeatedly to access what was supposed to be secured data. "As soon as we heard about the attorneys, we went in, discovered the problem and fixed it immediately," Sanders said. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- "As soon as we heard about the attorneys, we... fixed it" The Security Community (Jun 25)