follow-up: Texas company lays out 'hacking' case against Minnesota Public Radio

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.minnpost.com/braublog/2009/12/15/14315/texas_company_lays_out_hacking_case_against_minnesota_public_radio

By David Brauer
minnpost.com
Dec 15 2009

Do Minnesota Public Radio and reporter Sasha Aslanian realistically face 
civil and criminal penalties after uncovering a Texas firm’s security 
breaches involving state of Minnesota job-seeker data?

Lookout Services - which acknowledges an October security breach and 
subsequent security weaknesses - claimed in a Dec. 14 statement that their 
data was "illegally compromised." The company - which notes "only the 
Minnesota Public Radio reporter viewed" some data and wants MPR to 
disclose what was viewed - will "aggressively seek prosecution for this 
egregious act," according to the statement.

In a Dec. 11 report, Aslanian said she was able to see "employee names, 
birth dates, Social Security numbers and hire dates" on Lookout's web site 
"without using a password or encryption software."

Lookout CEO Elaine Morley says that’s not the whole truth. She contends 
Aslanian did use a password and ID to penetrate Lookout's security - and 
told Morley so during a Dec. 7 phone call. Later, Morley asserts, Aslanian 
used information from that penetration to view the state data, even though 
she didn’t need a password or encryption that time.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php