AOH :: ISNQ6941.HTM

Newly Discovered World Cup Database Breach Exposed 250, 000 Attendees' Details




Newly Discovered World Cup Database Breach Exposed 250, 000 Attendees' Details
Newly Discovered World Cup Database Breach Exposed 250, 000 Attendees' Details



http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227400151 

By Ericka Chickowski
Special To Dark Reading
DarkReading
Sept 10, 2010 

Hundreds of thousands of attendees at the 2006 World Cup in Germany were 
put at risk of identity theft, though the major breach of a FIFA 
database was only recently uncovered.

Initially reported by Norwegian newspaper Dagbladet, the breach came to 
light when an employee of the firm in charge of World Cup 2010 ticketing 
circulated an e-mail peddling more than 250,000 2006 World Cup customer 
details, including such personal information as birth dates and passport 
information.

According to Rob Rachwald, director of security strategy at database 
monitoring firm Imperva, the interesting hook to this story is that the 
customer data in question came from the Germany event four years ago and 
not the South African World Cup last summer. He says the event is 
indicative of a number of failures, including carelessness with older 
databases and unused data, a failure to think beyond the conclusion of 
the event, and a failure to have a full data security protection and 
destruction strategy.

"At the end of the '06 World Cup, a data destruction process should have 
been performed, and it clearly didn't occur to anyone [with FIFA or its 
IT firm]," Rachwald says. "[A good strategy should] identify what you 
have, attach risk and design a protection and destruction program."

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org 
http://www.infosecnews.org/mailman/listinfo/isn 

Site design & layout copyright © 1986-2014 CodeGods