Saturday, September 27, 2003

Car Dealerskins OnLine Customers of personal data
Car Dealerskins online customers of personal data including credit card and social security number details.

Online hosting provider Dealerskins of Tennessee has exposed the personal and financial data of around 1000 customers on its web site. The security breach, which was discovered by a security consultant and has now been plugged, was caused by a publicly accessible web page that contained a dump of all the data from all the web forms submitted on the web site. The company, which provides automotive dealerships in the USA with hosted web sites, has refused to confirm or deny the compromise, and consequently it is not known how many customers have been affected or how long the exposure has been visible.

We wonder who might actually be liable in a case like this. The recently enacted Californian law that might relate to this issue has a specific 'willful ignorance' clause, which to our mind would imply that the automotive dealer could not shrug off the blame to the hosting company and would therefore be equally responsible. The law, called "SB 1386," is intended to combat identity theft. It passed last September [2002] after a major computer intrusion into a California state government payroll system.

Other recent cases where the FTC has taken action include the designer clothing retailer Guess Inc.

Related Links
Security Focus Article on the Guess Inc case
Guess Who's Fault it is
Kevin Poulsen's article at Security Focus
SB 1386
Federal Trade Commission

posted by Robert Campbell 9:12 AM