summaryrefslogtreecommitdiff
path: root/updates/2008/umfragetief.en.md
blob: 2f416436c46c79135759f7f75c633ce5bada0f97 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
title: CCC reports information leak at TNS Infratest/Emnid: the living rooms of 41,000 citizens exposed on the internet
date: 2008-07-04 00:00:00 
updated: 2009-11-19 16:37:00 
author: erdgeist
tags: update, datenschleuder

The scientific journal of the Chaos Computer Club (CCC), Die Datenschleuder, reports that market research firm TNS Infratest/Emnid has lost 41,000 private data records of their survey participants.

<!-- TEASER_END -->

As the magazine reports \[1\], it was possible for participants to read
master data records and consumer profiles without bypassing even basic
security measures. Access to the comprehensive survey results could be
gained by simply changing the customer ID number in the browser's
address bar.

Besides name and address, the data records included date of birth, email
address and phone number. Many records also included very sensitive
information: monthly income, education, bank account information, health
insurance data, if and which credit cards are used, which electronic
devices are used in the household, children's ages and yet more private
data.

"TNS Infratest made a beginner's mistake in their software development.
This is unprofessional, grossly negligent and above all deeply
worrying," commented CCC spokesman Dirk Engling regarding the incident.
"As this information is very sensitive, where abuse such as identity
theft or its use in connection with burglary cannot be excluded, THS
Infratest needs to inform the victims immediately," he continued.

This case continues a disastrous, never-ending series of information
leaks of data held by public and private sector organisations. The need
for more strict control of sensitive data collections is evidenced by
the recent snooping affairs by German Telecom as well as the data leaks
from the "Meldeämtern" (registration of address offices). It is obvious
here that data security only plays a minor role in companies.
"Especially for companies surveying the most confidential data, the
highest security standards have to apply," said Engling.

In view of the severity of the loss, the CCC sees itself vindicated in
its calls \[2\] for strict regulations for public and private sector
data collectors.

The press team of the Chaos Computer Club is available for questions at
the following addresses:

-   presse\@ccc.de (preferred)
-   0700-CHAOSFON (0700 - 24267366)

### Links (German)

-   \[1\] [](http://ds.ccc.de/vorab/Sicherheitsleck_Infratest.pdf)
-   \[2\] [](/updates/2008/datenschutz-manifest)