[ISN] Online passport check suffers security breach

From: InfoSec News <alerts_at_private>
Date: Fri, 18 Jul 2008 02:46:04 -0500 (CDT)

By Tom Young
17 July 2008

The Identity and Passport Service (IPS) has admitted a data breach in 
its online passport application progress checking service.

The incident was formally reported to the Information Commissioner's 
Office (ICO) but has not been made public until now.

"A parent was able to discover the existence of a child's passport 
application by using the online application progress checking service, 
possibly without entitlement," according to an annual report from the 

The parent involved contacted the IPS in June 2007 to warn them.

The ICO advised the IPS it should require anyone making enquiries into 
the passport application progress to provide the application's unique 
reference number. The IPS said it would continue to monitor and assess 
its information risks to identify and address any weaknesses.


Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Fri Jul 18 2008 - 00:46:04 PDT

This archive was generated by hypermail 2.2.0 : Fri Jul 18 2008 - 00:49:55 PDT