Storage Company's Online Security Breach Exposed

June 27, 2006

By Sue Kwon

http://cbs5.com/topstories/local_story_178210503.html



A CBS 5 investigation has confirmed a security breach at a popular self-storage company that may have exposed customers' private information on its website.

AAAAA Rent-A-Space has taken its online payment system offline and is notifying thousands of customers to check for identity theft after CBS 5 told the company about a flaw on their website.

Howard Fortner describes the security at AAAAA Rent-A-Space in Colma as tighter than Fort Knox. So he was surprised when the cyber gate was left wide open on the storage facility's website.

While trying to make an online payment, Fortner says he accidently typed in someone else's storage unit number along with his password, which is his phone number.

Up popped another customer's private information, including a name, address, credit card, and Social Security number.

"I thought about mine's as vulnerable as that one," Fortner said. "I tried it with a different number, and several accounts opened up."

His password opened at least five other customer profiles.

After CBS 5 alerted AAAAA Rent-A-Space to the problem, the company worked with the Arizona software developer who created the site's account-based program called "Web-Expres." By late Tuesday afternoon, they found the glitch and have taken the payment system offline until it is patched.

AAAAA Rent-A-Space says its online payment system has been up for a year with no other incidents reported.

The company says it plans to mail out 13,000 letters about the discovery to custmers in California and Hawaii, including those who have items stored at the 10 Bay Area facilities.

[an error occurred while processing this directive]