BreachExchange mailing list archives
follow-up: Texas company lays out 'hacking' case against Minnesota Public Radio
From: security curmudgeon <jericho () attrition org>
Date: Thu, 17 Dec 2009 08:31:04 +0000 (UTC)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.minnpost.com/braublog/2009/12/15/14315/texas_company_lays_out_hacking_case_against_minnesota_public_radio By David Brauer minnpost.com Dec 15 2009Do Minnesota Public Radio and reporter Sasha Aslanian realistically face civil and criminal penalties after uncovering a Texas firm’s security breaches involving state of Minnesota job-seeker data?
Lookout Services - which acknowledges an October security breach and subsequent security weaknesses - claimed in a Dec. 14 statement that their data was "illegally compromised." The company - which notes "only the Minnesota Public Radio reporter viewed" some data and wants MPR to disclose what was viewed - will "aggressively seek prosecution for this egregious act," according to the statement.
In a Dec. 11 report, Aslanian said she was able to see "employee names, birth dates, Social Security numbers and hire dates" on Lookout's web site "without using a password or encryption software."
Lookout CEO Elaine Morley says that’s not the whole truth. She contends Aslanian did use a password and ID to penetrate Lookout's security - and told Morley so during a Dec. 7 phone call. Later, Morley asserts, Aslanian used information from that penetration to view the state data, even though she didn’t need a password or encryption that time.
[...]
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- follow-up: Texas company lays out 'hacking' case against Minnesota Public Radio security curmudgeon (Dec 17)