Troubled Dot-Coms May Expose Confidential Client Data

[InfoSec News <isn () c4i org>]

Forwarded by: William Knowles <wk () c4i org>

http://www.newsfactor.com/perl/story/12612.html

Jay Lyman 
August 08, 2001 

Following rumors of sensitive data remaining on the hard drives of
auctioned company computers, Internet consultant Viant Corp. is
investigating whether confidential client or cororate information was
placed at risk.

Word of the ex-corporate computers that still contained company
information first came to the Web site F***edcompany.com, according to
site founder Phil Kaplan, who told NewsFactor Network that the
anonymous tips came from "some people who had their laptops auctioned
and from people who bought laptops."

Kaplan said his site was also informed of a similar situation with
now-defunct MarchFirst, an interactive consulting agency that fell
victim to the dot-com implosion and was forced to sell off assets
earlier this year.

To the Bottom Of It

A spokeswoman for Boston-based Viant said the company outsourced the
sale of fewer than 100 computers to auctioneer Dovebid when Viant
closed a San Francisco office in the spring of this year.

"They are under contract to wipe or clean the hard drives so there are
no remaining files," Viant's Connie Bienfait told NewsFactor. "We are
looking into any chance that wasn't done completely. We believe it
[was], but we are taking this very seriously."

Viant, whose corporate clients include Lucent, Compaq and Kinko's, is
working with Dovebid to find out if any client materials have been
compromised, Bienfait said.

"We would only be concerned if there were files that were able to be
entered," she said, adding most files would be protected by passwords
and hard to access.

Situation Unclear

Dovebid spokeswoman Lisa Hawes told NewsFactor that the source of the
breached data rumors made the issue unclear.

"You never know how much of that is true and how much isn't," she
said.

Still, the auction company is working with Viant to investigate the
matter, according to Hawes, who likened the computer data to something
left in the drawer of an auctioned desk.

"They're indemnified," she said of Forest City, California-based
Dovebid. "They don't actually purchase the items from the customer.
They're just the intermediary."

Erasure Priority

The erasure of confidential, sensitive or potentially embarrassing
information on an old computer hard drive is one of the main concerns
of companies that auction equipment, according to TechSmart vice
president of product sales Tom Sager, whose Long Island, New
York-based company is involved in asset value recovery for IT
equipment.

"For people who are retiring equipment, that's usually one of the top
two or three hot buttons in getting it done right," Sager told
NewsFactor. "This is pretty high on the list."

While he called full erasure of data standard operating procedure,
Sager said the fast demise of some companies and less scrupulous
practices -- employee sales or equipment movement -- can lead to
compromised data.

Can't Keep Track

Electronic Privacy Information Center (EPIC) legislative counsel Chris
Hoofnagle told NewsFactor the issue highlights weak privacy protection
in the U.S.

"The problem here is most of the practices -- because of weak
legislation -- allow the transfer of data without authorization or
auditing," he said, adding most transactions are not brought into
public light.

Hoofnagle said that while EPIC does not believe corporations have a
right to privacy, the employees of the companies involved may have
personal information included in the data on computers for sale.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.