http://news.cnet.com/news/0-1003-200-6477431.html?tag=mn_hd By Reuters July 6, 2001, 4:25 p.m. PT WASHINGTON--U.S. officials scrambled to assure businesses Friday that their confidential data had not been compromised by a government Web site that allegedly contained security holes. Ironically, the Web site encouraged businesses to sign up for a program that would beef up their own protections for sensitive personal data. A report that appeared Friday on Wired News said hackers could easily access proprietary information through a back door to the U.S. Department of Commerce's safe harbor Web site. A notice on the site said two pages had been taken down Wednesday while security provisions were examined. Commerce Department officials said they were still investigating the matter but that hackers had not altered any data accessible through the site. "As we continue to examine the situation, we're in the process of contacting all Safe Harbor participants to assure them that we have not found any compromised data," said Jeff Rohlmeier, an international trade specialist at the Commerce Department. U.S. and European Union officials developed the safe harbor program last year to enable U.S. firms to avoid prosecution under an EU law that prohibits the transfer of personal data such as customer lists from the EU to countries that do not meet its standards for privacy safeguards, including the United States. Firms that wish to sign up for the safe harbor must certify that their internal privacy practices measure up to EU standards. U.S. companies have been slow to sign up: As of July 1, only 72 businesses were listed on the site as participants. The security hole reportedly allowed visitors to a government site to access a database that contained information on participating businesses the Commerce Department said it would not make public: revenue, number of employees, and European countries in which the firm does business. Publicly held companies divulge this information in financial filings, but many private firms closely guard such figures. John Hollway, chief privacy officer for privately held pharmaceutical services company Acurian, said Commerce Department officials had contacted him about the possible security hole. While Hollway said he was concerned that hackers could have bumped Acurian from the certification list, he said he was not troubled by any data that might have been revealed. "I don't think it raised huge alarm bells," Hollway said. "Certainly there's an unfortunate irony that a privacy site is fingered as a place that could be hacked." ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 01:39:53 PDT