[Dataloss] UK: Security breach hits thousands

Chris Walsh chris at cwalsh.org
Sat Jul 28 03:29:44 UTC 2007 

Some more details:

A security blunder at Newcastle City Council has exposed the credit  
and debit card details of up to 54,000 people online.

The breach was discovered on 19 July after the council hired an  
independent security expert to try and crack its systems. The  
security exercise found an encrypted file containing names,  
addresses, and credit and debit card numbers had been mistakenly  
placed on an insecure server.

An internal investigation also revealed the file with all the card  
details had been accessed and uploaded to a computer IP address  
registered in Israel. Newcastle City Council claims there is no  
indication of any fraud on the affected cards.

The file contained details of payments for council tax, business  
rates, parking fines and rents for more than a year between February  
2006 and April 2007. The council has informed the banks, police and  
the Information Commissioner about the breach and said a full  
investigation into the security breach is underway.

[...]

http://software.silicon.com/security/0,39024655,39167978,00.htm


On Jul 26, 2007, at 8:03 AM, lyger wrote:

>
> http://icnewcastle.icnetwork.co.uk/chroniclelive/eveningchronicle/ 
> tm_headline=security-breach-hits- 
> thousands&method=full&objectid=19522958&siteid=50081-name_page.html
>
> A COUNCIL computer blunder has led to a serious breach of security for
> credit and debit card holders on Tyneside.
>
> Police and security experts have been called in after details of  
> thousands
> of people's cards were downloaded to an address which has been  
> traced to
> the Middle East.
>
> As a result of the mistake, millions of financial records held by
> Newcastle City Council have been accessed and up to 54,000  
> individual card
> holders are affected.
>
> Information was placed in error on an open server site which could be
> accessed by outsiders instead of a secure network. The site was  
> shut down
> as soon as the problem was discovered.
>
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 220 million compromised records in 734 incidents  
> over 7 years.

More information about the Dataloss mailing list