BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Re: UK: Security breach hits thousands

From: Chris Walsh <chris () cwalsh org>
Date: Fri, 27 Jul 2007 22:29:44 -0500
Some more details:

A security blunder at Newcastle City Council has exposed the credit  
and debit card details of up to 54,000 people online.

The breach was discovered on 19 July after the council hired an  
independent security expert to try and crack its systems. The  
security exercise found an encrypted file containing names,  
addresses, and credit and debit card numbers had been mistakenly  
placed on an insecure server.

An internal investigation also revealed the file with all the card  
details had been accessed and uploaded to a computer IP address  
registered in Israel. Newcastle City Council claims there is no  
indication of any fraud on the affected cards.

The file contained details of payments for council tax, business  
rates, parking fines and rents for more than a year between February  
2006 and April 2007. The council has informed the banks, police and  
the Information Commissioner about the breach and said a full  
investigation into the security breach is underway.

[...]

http://software.silicon.com/security/0,39024655,39167978,00.htm


On Jul 26, 2007, at 8:03 AM, lyger wrote:



http://icnewcastle.icnetwork.co.uk/chroniclelive/eveningchronicle/ 
tm_headline=security-breach-hits- 
thousands&method=full&objectid=19522958&siteid=50081-name_page.html

A COUNCIL computer blunder has led to a serious breach of security for
credit and debit card holders on Tyneside.

Police and security experts have been called in after details of  
thousands
of people's cards were downloaded to an address which has been  
traced to
the Middle East.

As a result of the mistake, millions of financial records held by
Newcastle City Council have been accessed and up to 54,000  
individual card
holders are affected.

Information was placed in error on an open server site which could be
accessed by outsiders instead of a secure network. The site was  
shut down
as soon as the problem was discovered.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 220 million compromised records in 734 incidents  
over 7 years.


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 220 million compromised records in 734 incidents over 7 years.
Previous By Date Next
Previous By Thread Next

Current thread: