diff options
| author | erdgeist <erdgeist@erdgeist.org> | 2009-04-18 19:07:50 +0000 |
|---|---|---|
| committer | erdgeist <erdgeist@erdgeist.org> | 2020-05-23 13:38:13 +0000 |
| commit | 6af214cb115d03242444dfd3dc3be2fbbc2192af (patch) | |
| tree | c1fd156763a2d612a07dc321623f2021c5d934f3 /updates/2008/umfragetief.en.md | |
| parent | 7b556847b150430b282ce8d2a87889bf9246d0e9 (diff) | |
committing page revision 1
Diffstat (limited to 'updates/2008/umfragetief.en.md')
| -rw-r--r-- | updates/2008/umfragetief.en.md | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/updates/2008/umfragetief.en.md b/updates/2008/umfragetief.en.md new file mode 100644 index 00000000..bf254bb2 --- /dev/null +++ b/updates/2008/umfragetief.en.md | |||
| @@ -0,0 +1,53 @@ | |||
| 1 | title: CCC reports information leak at TNS Infratest/Emnid: the living rooms of 41,000 citizens exposed on the internet | ||
| 2 | date: 2008-07-04 00:00:00 | ||
| 3 | updated: 2009-04-18 19:07:50 | ||
| 4 | author: erdgeist | ||
| 5 | tags: update | ||
| 6 | |||
| 7 | The scientific journal of the Chaos Computer Club (CCC), Die Datenschleuder, reports that market research firm TNS Infratest/Emnid has lost 41,000 private data records of their survey participants. | ||
| 8 | |||
| 9 | <!-- TEASER_END --> | ||
| 10 | |||
| 11 | As the magazine reports \[1\], it was possible for participants to read | ||
| 12 | master data records and consumer profiles without bypassing even basic | ||
| 13 | security measures. Access to the comprehensive survey results could be | ||
| 14 | gained by simply changing the customer ID number in the browser's | ||
| 15 | address bar. | ||
| 16 | |||
| 17 | Besides name and address, the data records included date of birth, email | ||
| 18 | address and phone number. Many records also included very sensitive | ||
| 19 | information: monthly income, education, bank account information, health | ||
| 20 | insurance data, if and which credit cards are used, which electronic | ||
| 21 | devices are used in the household, children's ages and yet more private | ||
| 22 | data. | ||
| 23 | |||
| 24 | "TNS Infratest made a beginner's mistake in their software development. | ||
| 25 | This is unprofessional, grossly negligent and above all deeply | ||
| 26 | worrying," commented CCC spokesman Dirk Engling regarding the incident. | ||
| 27 | "As this information is very sensitive, where abuse such as identity | ||
| 28 | theft or its use in connection with burglary cannot be excluded, THS | ||
| 29 | Infratest needs to inform the victims immediately," he continued. | ||
| 30 | |||
| 31 | This case continues a disastrous, never-ending series of information | ||
| 32 | leaks of data held by public and private sector organisations. The need | ||
| 33 | for more strict control of sensitive data collections is evidenced by | ||
| 34 | the recent snooping affairs by German Telecom as well as the data leaks | ||
| 35 | from the "Meldeämtern" (registration of address offices). It is obvious | ||
| 36 | here that data security only plays a minor role in companies. | ||
| 37 | "Especially for companies surveying the most confidential data, the | ||
| 38 | highest security standards have to apply," said Engling. | ||
| 39 | |||
| 40 | In view of the severity of the loss, the CCC sees itself vindicated in | ||
| 41 | its calls \[2\] for strict regulations for public and private sector | ||
| 42 | data collectors. | ||
| 43 | |||
| 44 | The press team of the Chaos Computer Club is available for questions at | ||
| 45 | the following addresses: | ||
| 46 | |||
| 47 | - presse\@ccc.de (preferred) | ||
| 48 | - 0700-CHAOSFON (0700 - 24267366) | ||
| 49 | |||
| 50 | ### Links (German) | ||
| 51 | |||
| 52 | - \[1\] [](http://ds.ccc.de/vorab/Sicherheitsleck_Infratest.pdf) | ||
| 53 | - \[2\] [](/updates/2008/datenschutz-manifest) | ||