Oops: Did Rudder Just Send Your Financial Data to Someone Else?

[security curmudgeon <jericho () attrition org>]

http://mashable.com/2009/05/19/rudder-security-breach/

Oops: Did Rudder Just Send Your Financial Data to Someone Else?
May 19th, 2009 | by Adam Ostrow

Some Web apps have more margin for error than others. For apps that deal 
with highly personal data  like financial planning applications  that 
margin is very slim.

Rudder, one of many apps that competes in this space, may have just 
committed a huge blunder today: sending users confidential financial 
information to the wrong people.

Judging from the emails weve seen, account numbers dont seem to be 
exposed, but you do get the full details on someone elses finances  their 
salary, their debts, their bank balance, and where they shop. Needless to 
say, this could be a huge breach of security for Rudder users, and would 
create a difficult to overcome PR nightmare.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php