OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] Demon splurges details of 3, 600 customers in billing email

From: security curmudgeon (jerichoattrition.org)
Date: Wed Sep 23 2009 - 15:15:29 CDT


http://www.theregister.co.uk/2009/09/23/demon_password_giveaway/

Demon splurges details of 3,600 customers in billing email
Passwords too

By John Oates
Posted in Enterprise Security, 23rd September 2009 10:30 GMT

Demon Internet sent thousands of business and government subscribers an
email this morning telling them all about a new e-billing system, and
tacked on details, including passwords, for 3,600 customers.

The email - supposedly from Simon Blackburn Demon's director of customer
service - has been sent to customers opting for e-billing. It includes a
guide to the new service along with user names and passwords.

But the email also has a .csv attachment with 3,681 customer records on
it. Entries include names, emails, telephone numbers and what looks very
like a user name and password.

There are records for New Scotland Yard and other police forces, Alder Hey
Children's Hospital and local councils.

[..]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php