Wednesday, 25 April 2007

MTAS security breach story breaks

Channel Four News has just broken the story on a massive security breach on the MTAS website. It seems that some clever bod over at MTAS IT thought he / she could get away creating a secret URL for the download of information from the MTAS site. Security by obscurity as it's known. This URL however, it seems became public knowledge!

The data contained names, addresses and phone numbers. But also included sexual orientation and details of criminal records and references!!

I can not understand why anyone would need to have a download of all this data available, but if you are going to do that then using such a poor security model is madness.

Unfortunately, this kind of ineptitude is just the sort of thing we see daily in the NHS and is why I think the organisation fails. Lets just hope that none of this information got into the wrong hands.

No comments: