UK Internet service provider Demon Internet has had a peculiar self-induced security breach [1].
Demon Internet has sent out a spreadsheet containing the personal details of thousands of customers with one of its new ebills.
[..]
The Excel spreadsheet – which isn’t password protected – contains more than 3,600 records. It includes the full name of the customers, email addresses, telephone numbers and names of the customers’ businesses. Police forces, NHS trusts and government officials are among the email addresses listed in the database.The file also includes two unidentified fields which adopt the same format as the username and password for the ebilling system that was sent to the PC Pro reader.
[..]
Demon Internet is blaming “human error” for the security breach.
Apparently they have since changed the passwords of affected customers…I doubt that they’ll offer to change the phone numbers of people with silent numbers though.
The mind boggles as to what all of this information was doing in a spreadsheet to begin with.
Samuel