[ISN] Troubled Dot-Coms May Expose Confidential Client Data

From: InfoSec News (isnat_private)
Date: Thu Aug 09 2001 - 04:35:41 PDT

  • Next message: InfoSec News: "[ISN] Early Bird: A realtime Code Red attempt reporting utility."

    Forwarded by: William Knowles <wkat_private>
    Jay Lyman 
    August 08, 2001 
    Following rumors of sensitive data remaining on the hard drives of
    auctioned company computers, Internet consultant Viant Corp. is
    investigating whether confidential client or cororate information was
    placed at risk.
    Word of the ex-corporate computers that still contained company
    information first came to the Web site F***edcompany.com, according to
    site founder Phil Kaplan, who told NewsFactor Network that the
    anonymous tips came from "some people who had their laptops auctioned
    and from people who bought laptops."
    Kaplan said his site was also informed of a similar situation with
    now-defunct MarchFirst, an interactive consulting agency that fell
    victim to the dot-com implosion and was forced to sell off assets
    earlier this year.
    To the Bottom Of It
    A spokeswoman for Boston-based Viant said the company outsourced the
    sale of fewer than 100 computers to auctioneer Dovebid when Viant
    closed a San Francisco office in the spring of this year.
    "They are under contract to wipe or clean the hard drives so there are
    no remaining files," Viant's Connie Bienfait told NewsFactor. "We are
    looking into any chance that wasn't done completely. We believe it
    [was], but we are taking this very seriously."
    Viant, whose corporate clients include Lucent, Compaq and Kinko's, is
    working with Dovebid to find out if any client materials have been
    compromised, Bienfait said.
    "We would only be concerned if there were files that were able to be
    entered," she said, adding most files would be protected by passwords
    and hard to access.
    Situation Unclear
    Dovebid spokeswoman Lisa Hawes told NewsFactor that the source of the
    breached data rumors made the issue unclear.
    "You never know how much of that is true and how much isn't," she
    Still, the auction company is working with Viant to investigate the
    matter, according to Hawes, who likened the computer data to something
    left in the drawer of an auctioned desk.
    "They're indemnified," she said of Forest City, California-based
    Dovebid. "They don't actually purchase the items from the customer.
    They're just the intermediary."
    Erasure Priority
    The erasure of confidential, sensitive or potentially embarrassing
    information on an old computer hard drive is one of the main concerns
    of companies that auction equipment, according to TechSmart vice
    president of product sales Tom Sager, whose Long Island, New
    York-based company is involved in asset value recovery for IT
    "For people who are retiring equipment, that's usually one of the top
    two or three hot buttons in getting it done right," Sager told
    NewsFactor. "This is pretty high on the list."
    While he called full erasure of data standard operating procedure,
    Sager said the fast demise of some companies and less scrupulous
    practices -- employee sales or equipment movement -- can lead to
    compromised data.
    Can't Keep Track
    Electronic Privacy Information Center (EPIC) legislative counsel Chris
    Hoofnagle told NewsFactor the issue highlights weak privacy protection
    in the U.S.
    "The problem here is most of the practices -- because of weak
    legislation -- allow the transfer of data without authorization or
    auditing," he said, adding most transactions are not brought into
    public light.
    Hoofnagle said that while EPIC does not believe corporations have a
    right to privacy, the employees of the companies involved may have
    personal information included in the data on computers for sale.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 06:36:24 PDT