From: Darius Freamon (darius.freamongmail.com)
Date: Tue Aug 17 2010 - 13:13:07 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.zecurion.com/server-software-blog/2009/12/former-insurance-agent-accused-of-breaching-customer-data/

Farmers Insurance in Nashville is investigating a breach and notifying
customers that their data was
compromised<http://www.wsmv.com/news/21715549/detail.html>.
The incident seems to be a result of a combination of weak server security
and a disgruntled ex-employee.

An individual allegedly contracted to ‘hack’ into Farmers by a former agent
“said a few months ago he discovered a flaw in the agent page for Farmers
Insurance that allows someone to extract all the information from its
database, such as insurance policies, names, addresses and Social Security
numbers.”

Obviously, Farmers should have had better security in place on the Web
server in the first place. In addition, though, the data stored on the
server should be protected to ensure it can’t be
compromised<http://www.zecurion.com/zserver.php>even if an attacker
manages to gain access to the server itself.

more info http://www.wsmv.com/news/21715549/detail.html

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]