Parcelforce blunder blamed on inadequate auditing
by David Masters
Parcelforce’s recent leak of customer records has been blamed on inadequate security testing of the delivery firm’s website.
The BBC last week revealed that Parcelforce’s customers entering their parcel tracking number online were given access to the delivery details of other customers, including names, addresses, and postcodes.
The leak put Parcelforce at risk of breaching data protection laws.
Fortify Software, an application vulnerability specialist, said the leak was most likely caused by insufficient auditing when the website was being programmed.
“From what has been reported by the BBC and others, this sounds like a scripting issue with the site concerned,” said Richard Kirk, Fortify’s European director.
Kirk believes the Parcelforce site was created by in-house developers, who may have lacked the means to look at the code from an audit perspective.
He added that the issue with the site will “almost certainly” be solved with an audit.
“It is to be hoped that, as well as Parcelforce learning from this situation, that other companies realise it could be their own IT team involved in the corporate red face stakes and review their own web sites as well,” Kirk said.
“Only by efficient code auditing can major errors like this be avoided.”
Parcelforce said the error on its site has been rectified, although the Information Commissioner’s Office (ICO) may still investigate.
“We will be contacting Parcelforce to establish how this security breach occurred and to find out what steps it will be taking to ensure that such a breach cannot happen again,” an ICO spokeswoman said.
