Information Security News mailing list archives
Newly Discovered World Cup Database Breach Exposed 250, 000 Attendees' Details
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 13 Sep 2010 00:39:53 -0500 (CDT)
http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227400151 By Ericka Chickowski Special To Dark Reading DarkReading Sept 10, 2010 Hundreds of thousands of attendees at the 2006 World Cup in Germany were put at risk of identity theft, though the major breach of a FIFA database was only recently uncovered. Initially reported by Norwegian newspaper Dagbladet, the breach came to light when an employee of the firm in charge of World Cup 2010 ticketing circulated an e-mail peddling more than 250,000 2006 World Cup customer details, including such personal information as birth dates and passport information. According to Rob Rachwald, director of security strategy at database monitoring firm Imperva, the interesting hook to this story is that the customer data in question came from the Germany event four years ago and not the South African World Cup last summer. He says the event is indicative of a number of failures, including carelessness with older databases and unused data, a failure to think beyond the conclusion of the event, and a failure to have a full data security protection and destruction strategy. "At the end of the '06 World Cup, a data destruction process should have been performed, and it clearly didn't occur to anyone [with FIFA or its IT firm]," Rachwald says. "[A good strategy should] identify what you have, attach risk and design a protection and destruction program." [...] _______________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isn
Current thread:
- Newly Discovered World Cup Database Breach Exposed 250, 000 Attendees' Details InfoSec News (Sep 12)