BreachExchange mailing list archives

it wasn't just e-mailed data for the SAIC breach...


From: security curmudgeon <jericho () attrition org>
Date: Fri, 20 Jul 2007 23:53:22 +0000 (UTC)


http://www.saic.com/response/qa.html

[..]

The information was for work being done in connection with TRICARE, the 
health benefits program for the uniformed services, retirees and their 
families. The server was not behind a firewall and did not contain 
adequate password protections, which is in violation of SAIC policy. SAIC 
stopped using this server when security concerns were raised.

[..]


---

So the information was on an FTP server, not protected by a firewall, and 
had inadequate passwords. Combine that with the fact they notified 580,000 
people and this doesn't sound like the information "may" have been 
compromised...
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 214 million compromised records in 730 incidents over 7 years.

