summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--updates/2008/umfragetief.en.md53
1 files changed, 53 insertions, 0 deletions
diff --git a/updates/2008/umfragetief.en.md b/updates/2008/umfragetief.en.md
new file mode 100644
index 00000000..bf254bb2
--- /dev/null
+++ b/updates/2008/umfragetief.en.md
@@ -0,0 +1,53 @@
1title: CCC reports information leak at TNS Infratest/Emnid: the living rooms of 41,000 citizens exposed on the internet
2date: 2008-07-04 00:00:00
3updated: 2009-04-18 19:07:50
4author: erdgeist
5tags: update
6
7The scientific journal of the Chaos Computer Club (CCC), Die Datenschleuder, reports that market research firm TNS Infratest/Emnid has lost 41,000 private data records of their survey participants.
8
9<!-- TEASER_END -->
10
11As the magazine reports \[1\], it was possible for participants to read
12master data records and consumer profiles without bypassing even basic
13security measures. Access to the comprehensive survey results could be
14gained by simply changing the customer ID number in the browser's
15address bar.
16
17Besides name and address, the data records included date of birth, email
18address and phone number. Many records also included very sensitive
19information: monthly income, education, bank account information, health
20insurance data, if and which credit cards are used, which electronic
21devices are used in the household, children's ages and yet more private
22data.
23
24"TNS Infratest made a beginner's mistake in their software development.
25This is unprofessional, grossly negligent and above all deeply
26worrying," commented CCC spokesman Dirk Engling regarding the incident.
27"As this information is very sensitive, where abuse such as identity
28theft or its use in connection with burglary cannot be excluded, THS
29Infratest needs to inform the victims immediately," he continued.
30
31This case continues a disastrous, never-ending series of information
32leaks of data held by public and private sector organisations. The need
33for more strict control of sensitive data collections is evidenced by
34the recent snooping affairs by German Telecom as well as the data leaks
35from the "Meldeämtern" (registration of address offices). It is obvious
36here that data security only plays a minor role in companies.
37"Especially for companies surveying the most confidential data, the
38highest security standards have to apply," said Engling.
39
40In view of the severity of the loss, the CCC sees itself vindicated in
41its calls \[2\] for strict regulations for public and private sector
42data collectors.
43
44The press team of the Chaos Computer Club is available for questions at
45the following addresses:
46
47- presse\@ccc.de (preferred)
48- 0700-CHAOSFON (0700 - 24267366)
49
50### Links (German)
51
52- \[1\] [](http://ds.ccc.de/vorab/Sicherheitsleck_Infratest.pdf)
53- \[2\] [](/updates/2008/datenschutz-manifest)