http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227400151 By Ericka Chickowski Special To Dark Reading DarkReading Sept 10, 2010 Hundreds of thousands of attendees at the 2006 World Cup in Germany were put at risk of identity theft, though the major breach of a FIFA database was only recently uncovered. Initially reported by Norwegian newspaper Dagbladet, the breach came to light when an employee of the firm in charge of World Cup 2010 ticketing circulated an e-mail peddling more than 250,000 2006 World Cup customer details, including such personal information as birth dates and passport information. According to Rob Rachwald, director of security strategy at database monitoring firm Imperva, the interesting hook to this story is that the customer data in question came from the Germany event four years ago and not the South African World Cup last summer. He says the event is indicative of a number of failures, including carelessness with older databases and unused data, a failure to think beyond the conclusion of the event, and a failure to have a full data security protection and destruction strategy. "At the end of the '06 World Cup, a data destruction process should have been performed, and it clearly didn't occur to anyone [with FIFA or its IT firm]," Rachwald says. "[A good strategy should] identify what you have, attach risk and design a protection and destruction program." [...] _______________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Sun Sep 12 2010 - 22:39:53 PDT
This archive was generated by hypermail 2.2.0 : Sun Sep 12 2010 - 22:44:54 PDT