Thread in Data-Safety Lapses Was Failure to Follow Policy

By Vartanian, Thomas P.; Fajfar, Mark | American Banker, January 17, 2003

On Nov. 1, as the business world awaited U.S. District Judge Colleen Kollar-Kennedy's decision on the proposed settlement of the antitrust cases against Microsoft Corp., trading in Microsoft's shares intensified and the price began to rise. Though the judge had said that her decision would be publicly available on the court's Web site 30 minutes after the markets closed, links to the decision were anonymously posted on at 3:33 p.m.

Another example of malicious hacking? Apparently not. Instead, it seems that the court's Web administrator had not anticipated that someone would try to guess the Internet address of the files containing the decision, which were uploaded to the Web site about 90 minutes early in a directory named "Opinions/2002/Kotelly." Since these files were not encrypted or protected by password, a user of any Web browser could search for files that appeared to contain the decision.

Financial companies are not immune from even the simplest of these errors. A few days after the Microsoft opinion incident, BancWest Corp.'s Bank of the West (BancWest is owned by BNP Paribas) broadcast an e-mail to about 3,500 of its customers in a format that revealed all the e-mail addresses to every recipient. Though no other personal or financial information was released, the company apologized (by e-mail) and pledged to implement controls.

Crafting appropriate Internet security procedures is only the first step in compliance for financial services companies. Written procedures are not always followed, so financial companies must provide training, maintain records, and identify new risks.

Regulators have taken notice of these vulnerabilities. In late September the Federal Trade Commission announced an initiative designed to create a "culture of security" among users and providers of Internet services, and publicized a number of ways consumers and businesses could preserve Internet security, such as installing virus protection and guarding passwords.

The importance of maintaining security on the Internet is exemplified by the vigorous reaction to recent, relatively minor, security lapses. Each of these incidents provides useful lessons to banks and other financial outfits that rely on the Internet to reach and serve their customers.

Ziff Davis Media Inc. recently agreed to pay $100,000 to three states and $25,000 in compensation to 50 customers over an online subscription offer. It turned out that names, addresses, and credit card numbers submitted by consumers in response to the offer were stored, in unencrypted format, in a publicly accessible file.

Apparently, one reason for the breach was that Ziff Davis enlarged the information it collected without being sure to implement more robust security procedures.
