From 6af214cb115d03242444dfd3dc3be2fbbc2192af Mon Sep 17 00:00:00 2001 From: erdgeist Date: Sat, 18 Apr 2009 19:07:50 +0000 Subject: committing page revision 1 --- updates/2008/umfragetief.en.md | 53 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 updates/2008/umfragetief.en.md diff --git a/updates/2008/umfragetief.en.md b/updates/2008/umfragetief.en.md new file mode 100644 index 00000000..bf254bb2 --- /dev/null +++ b/updates/2008/umfragetief.en.md @@ -0,0 +1,53 @@ +title: CCC reports information leak at TNS Infratest/Emnid: the living rooms of 41,000 citizens exposed on the internet +date: 2008-07-04 00:00:00 +updated: 2009-04-18 19:07:50 +author: erdgeist +tags: update + +The scientific journal of the Chaos Computer Club (CCC), Die Datenschleuder, reports that market research firm TNS Infratest/Emnid has lost 41,000 private data records of their survey participants. + + + +As the magazine reports \[1\], it was possible for participants to read +master data records and consumer profiles without bypassing even basic +security measures. Access to the comprehensive survey results could be +gained by simply changing the customer ID number in the browser's +address bar. + +Besides name and address, the data records included date of birth, email +address and phone number. Many records also included very sensitive +information: monthly income, education, bank account information, health +insurance data, if and which credit cards are used, which electronic +devices are used in the household, children's ages and yet more private +data. + +"TNS Infratest made a beginner's mistake in their software development. +This is unprofessional, grossly negligent and above all deeply +worrying," commented CCC spokesman Dirk Engling regarding the incident. +"As this information is very sensitive, where abuse such as identity +theft or its use in connection with burglary cannot be excluded, THS +Infratest needs to inform the victims immediately," he continued. + +This case continues a disastrous, never-ending series of information +leaks of data held by public and private sector organisations. The need +for more strict control of sensitive data collections is evidenced by +the recent snooping affairs by German Telecom as well as the data leaks +from the "Meldeämtern" (registration of address offices). It is obvious +here that data security only plays a minor role in companies. +"Especially for companies surveying the most confidential data, the +highest security standards have to apply," said Engling. + +In view of the severity of the loss, the CCC sees itself vindicated in +its calls \[2\] for strict regulations for public and private sector +data collectors. + +The press team of the Chaos Computer Club is available for questions at +the following addresses: + +- presse\@ccc.de (preferred) +- 0700-CHAOSFON (0700 - 24267366) + +### Links (German) + +- \[1\] [](http://ds.ccc.de/vorab/Sicherheitsleck_Infratest.pdf) +- \[2\] [](/updates/2008/datenschutz-manifest) -- cgit v1.2.3