diff options
author | erdgeist <erdgeist@erdgeist.org> | 2009-04-18 19:07:50 +0000 |
---|---|---|
committer | erdgeist <erdgeist@erdgeist.org> | 2020-05-23 13:38:13 +0000 |
commit | 6af214cb115d03242444dfd3dc3be2fbbc2192af (patch) | |
tree | c1fd156763a2d612a07dc321623f2021c5d934f3 | |
parent | 7b556847b150430b282ce8d2a87889bf9246d0e9 (diff) |
committing page revision 1
-rw-r--r-- | updates/2008/umfragetief.en.md | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/updates/2008/umfragetief.en.md b/updates/2008/umfragetief.en.md new file mode 100644 index 00000000..bf254bb2 --- /dev/null +++ b/updates/2008/umfragetief.en.md | |||
@@ -0,0 +1,53 @@ | |||
1 | title: CCC reports information leak at TNS Infratest/Emnid: the living rooms of 41,000 citizens exposed on the internet | ||
2 | date: 2008-07-04 00:00:00 | ||
3 | updated: 2009-04-18 19:07:50 | ||
4 | author: erdgeist | ||
5 | tags: update | ||
6 | |||
7 | The scientific journal of the Chaos Computer Club (CCC), Die Datenschleuder, reports that market research firm TNS Infratest/Emnid has lost 41,000 private data records of their survey participants. | ||
8 | |||
9 | <!-- TEASER_END --> | ||
10 | |||
11 | As the magazine reports \[1\], it was possible for participants to read | ||
12 | master data records and consumer profiles without bypassing even basic | ||
13 | security measures. Access to the comprehensive survey results could be | ||
14 | gained by simply changing the customer ID number in the browser's | ||
15 | address bar. | ||
16 | |||
17 | Besides name and address, the data records included date of birth, email | ||
18 | address and phone number. Many records also included very sensitive | ||
19 | information: monthly income, education, bank account information, health | ||
20 | insurance data, if and which credit cards are used, which electronic | ||
21 | devices are used in the household, children's ages and yet more private | ||
22 | data. | ||
23 | |||
24 | "TNS Infratest made a beginner's mistake in their software development. | ||
25 | This is unprofessional, grossly negligent and above all deeply | ||
26 | worrying," commented CCC spokesman Dirk Engling regarding the incident. | ||
27 | "As this information is very sensitive, where abuse such as identity | ||
28 | theft or its use in connection with burglary cannot be excluded, THS | ||
29 | Infratest needs to inform the victims immediately," he continued. | ||
30 | |||
31 | This case continues a disastrous, never-ending series of information | ||
32 | leaks of data held by public and private sector organisations. The need | ||
33 | for more strict control of sensitive data collections is evidenced by | ||
34 | the recent snooping affairs by German Telecom as well as the data leaks | ||
35 | from the "Meldeämtern" (registration of address offices). It is obvious | ||
36 | here that data security only plays a minor role in companies. | ||
37 | "Especially for companies surveying the most confidential data, the | ||
38 | highest security standards have to apply," said Engling. | ||
39 | |||
40 | In view of the severity of the loss, the CCC sees itself vindicated in | ||
41 | its calls \[2\] for strict regulations for public and private sector | ||
42 | data collectors. | ||
43 | |||
44 | The press team of the Chaos Computer Club is available for questions at | ||
45 | the following addresses: | ||
46 | |||
47 | - presse\@ccc.de (preferred) | ||
48 | - 0700-CHAOSFON (0700 - 24267366) | ||
49 | |||
50 | ### Links (German) | ||
51 | |||
52 | - \[1\] [](http://ds.ccc.de/vorab/Sicherheitsleck_Infratest.pdf) | ||
53 | - \[2\] [](/updates/2008/datenschutz-manifest) | ||