1 files changed, 53 insertions, 0 deletions
diff --git a/updates/2008/umfragetief.en.md b/updates/2008/umfragetief.en.md
new file mode 100644
index 00000000..bf254bb2
--- /dev/null
+++ b/updates/2008/umfragetief.en.md
@@ -0,0 +1,53 @@
+title: CCC reports information leak at TNS Infratest/Emnid: the living rooms of 41,000 citizens exposed on the internet
+date: 2008-07-04 00:00:00 
+updated: 2009-04-18 19:07:50 
+author: erdgeist
+tags: update
+The scientific journal of the Chaos Computer Club (CCC), Die Datenschleuder, reports that market research firm TNS Infratest/Emnid has lost 41,000 private data records of their survey participants.
+<!-- TEASER_END -->
+As the magazine reports \[1\], it was possible for participants to read
+master data records and consumer profiles without bypassing even basic
+security measures. Access to the comprehensive survey results could be
+gained by simply changing the customer ID number in the browser's
+address bar.
+Besides name and address, the data records included date of birth, email
+address and phone number. Many records also included very sensitive
+information: monthly income, education, bank account information, health
+insurance data, if and which credit cards are used, which electronic
+devices are used in the household, children's ages and yet more private
+data.
+"TNS Infratest made a beginner's mistake in their software development.
+This is unprofessional, grossly negligent and above all deeply
+worrying," commented CCC spokesman Dirk Engling regarding the incident.
+"As this information is very sensitive, where abuse such as identity
+theft or its use in connection with burglary cannot be excluded, THS
+Infratest needs to inform the victims immediately," he continued.
+This case continues a disastrous, never-ending series of information
+leaks of data held by public and private sector organisations. The need
+for more strict control of sensitive data collections is evidenced by
+the recent snooping affairs by German Telecom as well as the data leaks
+from the "Meldeämtern" (registration of address offices). It is obvious
+here that data security only plays a minor role in companies.
+"Especially for companies surveying the most confidential data, the
+highest security standards have to apply," said Engling.
+In view of the severity of the loss, the CCC sees itself vindicated in
+its calls \[2\] for strict regulations for public and private sector
+data collectors.
+The press team of the Chaos Computer Club is available for questions at
+the following addresses:
+-   presse\@ccc.de (preferred)
+-   0700-CHAOSFON (0700 - 24267366)
+### Links (German)
+-   \[1\] [](http://ds.ccc.de/vorab/Sicherheitsleck_Infratest.pdf)
+-   \[2\] [](/updates/2008/datenschutz-manifest)

diff --git a/updates/2008/umfragetief.en.md b/updates/2008/umfragetief.en.md new file mode 100644 index 00000000..bf254bb2 --- /dev/null +++ b/updates/2008/umfragetief.en.md
@@ -0,0 +1,53 @@
	1	title: CCC reports information leak at TNS Infratest/Emnid: the living rooms of 41,000 citizens exposed on the internet
	2	date: 2008-07-04 00:00:00
	3	updated: 2009-04-18 19:07:50
	4	author: erdgeist
	5	tags: update
	6
	7	The scientific journal of the Chaos Computer Club (CCC), Die Datenschleuder, reports that market research firm TNS Infratest/Emnid has lost 41,000 private data records of their survey participants.
	8
	9	<!-- TEASER_END -->
	10
	11	As the magazine reports \[1\], it was possible for participants to read
	12	master data records and consumer profiles without bypassing even basic
	13	security measures. Access to the comprehensive survey results could be
	14	gained by simply changing the customer ID number in the browser's
	15	address bar.
	16
	17	Besides name and address, the data records included date of birth, email
	18	address and phone number. Many records also included very sensitive
	19	information: monthly income, education, bank account information, health
	20	insurance data, if and which credit cards are used, which electronic
	21	devices are used in the household, children's ages and yet more private
	22	data.
	23
	24	"TNS Infratest made a beginner's mistake in their software development.
	25	This is unprofessional, grossly negligent and above all deeply
	26	worrying," commented CCC spokesman Dirk Engling regarding the incident.
	27	"As this information is very sensitive, where abuse such as identity
	28	theft or its use in connection with burglary cannot be excluded, THS
	29	Infratest needs to inform the victims immediately," he continued.
	30
	31	This case continues a disastrous, never-ending series of information
	32	leaks of data held by public and private sector organisations. The need
	33	for more strict control of sensitive data collections is evidenced by
	34	the recent snooping affairs by German Telecom as well as the data leaks
	35	from the "Meldeämtern" (registration of address offices). It is obvious
	36	here that data security only plays a minor role in companies.
	37	"Especially for companies surveying the most confidential data, the
	38	highest security standards have to apply," said Engling.
	39
	40	In view of the severity of the loss, the CCC sees itself vindicated in
	41	its calls \[2\] for strict regulations for public and private sector
	42	data collectors.
	43
	44	The press team of the Chaos Computer Club is available for questions at
	45	the following addresses:
	46
	47	- presse\@ccc.de (preferred)
	48	- 0700-CHAOSFON (0700 - 24267366)
	49
	50	### Links (German)
	51
	52	- \[1\] [](http://ds.ccc.de/vorab/Sicherheitsleck_Infratest.pdf)
	53	- \[2\] [](/updates/2008/datenschutz-manifest)