[Dataloss] it wasn't just e-mailed data for the SAIC breach...
security curmudgeon
jericho at attrition.org
Fri Jul 20 23:53:22 UTC 2007
http://www.saic.com/response/qa.html
[..]
The information was for work being done in connection with TRICARE, the
health benefits program for the uniformed services, retirees and their
families. The server was not behind a firewall and did not contain
adequate password protections, which is in violation of SAIC policy. SAIC
stopped using this server when security concerns were raised.
[..]
---
So the information was on an FTP server, not protected by a firewall, and
had inadequate passwords. Combine that with the fact they notified 580,000
people and this doesn't sound like the information "may" have been
compromised...