UK - Update...Security Glitch at BT Broadband...

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

[Fair use for education and research purpose only]

Note: Update to post: http://greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=00338I

--------------

Title: Security Glitch at BT Broadband

Friday, 28 April, 2000, 16:24 GMT 17:24 UK

British Telecom's venture into the world of broadband internet access has started with a security breach.

We made a big mistake, we messed up, we rectified it as quickly as possible BT spokesman

Customers were told via e-mail that "a hidden area" of the BTopenworld website, which contained their personal data, had been "accessed by a limited number of unauthorised persons".

In the e-mail Robert Salvoni, general manager of BTopenworld, apologised "for this breach in security" and told his prospective customers that the site was now secured.

The compromised data were personal information like names, addresses, phone numbers and e-mail addresses of between 500 and 1,000 people who during Thursday morning had applied to install BT's broadband service.

The problem was fixed only after a "company" alerted BT to the error at 1330 London time on Thursday. BT refuses to name the firm which discovered the error, but says it fixed it by 1400.

Human error

A BT spokesman told BBC News Online that the security breach had been caused by "human error", although the actual cause of the problem was still under investigation.

He said: "We made a big mistake, we messed up, we rectified it as quickly as possible."

According to BT there were no links to the "hidden area" on the public web site, and the spokesman said it was a mystery how the web address with the personal data had been discovered.

The spokesman acknowledged that it might have been possible to find the page on the BTopenworld web site by using a search engine.

BT plea

Apparently, BT's web administrators had failed to protect the page with a password or store it on a server that was not accessible to the public.

BT now hopes to persuade all people who managed to get access to personal data to destroy it.

Mr Salvoni told customers: "We are writing to those people identified as having accessed this hidden area to get written confirmation that they have not copied, used or passed your details to any other person and will delete or destroy all copies of this information."

BT will offer its new broadband service from July. The ADSL connection will offer always-on high-speed internet access.

UK competitors are Telewest with its Blueyonder service, which launched several weeks ago, as well as NTL and Kingston Communications, who are running trial services.

http://news.bbc.co.uk/hi/english/business/newsid_729000/729748.stm

====================

-- (Dee360Degree@aol.com), April 28, 2000


Moderation questions? read the FAQ