[Dataloss] Federal loan Web site left unprotected

blitz blitz at strikenet.kicks-ass.net
Sun Sep 17 20:58:33 EDT 2006


What part of "DON'T USE PRODUCTION DATA" do they not understand? Sheesh!

At 09:40 9/17/2006, you wrote:
>Complications from a computer software upgrade caused a security
>breach that left loan borrowers' private information, such as their
>Social Security numbers, unprotected online.
>
>The problem occurred from the evening of Aug. 20 to the morning of
>Aug. 22 on the Web site of Direct Loans. Direct Loans is part of the
>William D. Ford Federal Direct Loan Program within the Dept. of
>Education and Federal Student Aid.
>
>Anyone who used the Web site and performed the same transaction at
>the same time in the same part of the system as another user could
>have had his or her data exposed, Bushman said.
>
>...  She estimated that 21,000 accounts of the more than six million
>on the system could have been affected. All those potentially
>affected already would have been notified, she said.
>
>[...]
>
>http://www.press-citizen.com/apps/pbcs.dll/article?AID=/20060917/NEWS01/609170310/1079/NEWS01
>
>
>--
>No virus found in this outgoing message.
>Checked by AVG Free Edition.
>Version: 7.1.405 / Virus Database: 268.12.4/449 - Release Date: 9/15/2006
>
>
>_______________________________________________
>Dataloss Mailing List (dataloss at attrition.org)
>http://attrition.org/dataloss
>Tracking more than 146 million compromised records in 349 incidents 
>over 6 years.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20060917/32abc56a/attachment.html 


More information about the Dataloss mailing list