Forgot your password?
typodupeerror
Security IT

ICO Warns Toshiba Over Data Breach 27

Posted by samzenpus
from the do-better-next-time dept.
hypnosec writes "Toshiba Information Systems has been given a slap on the wrist by the Information Commissioner's Office (ICO), following a data spillage. This happened during an on-line competition that Toshiba organized last year. Back in September 2011, a concerned member of the public contacted the ICO and informed the body that some data pertaining to those registered for the competition was accessible. In fact, the personal details of 20 entrants were compromised in a security flaw on the site. Those details included names, addresses and dates of birth, along with other contact information. The ICO investigated and found that Toshiba's security measures weren't thorough enough, and hence, didn't detect the vulnerability — from a mistake, made by a third-party web designer. A fine hasn't been levied, but Toshiba has signed an undertaking to ensure this doesn't happen again."
This discussion has been archived. No new comments can be posted.

ICO Warns Toshiba Over Data Breach

Comments Filter:
  • by DoofusOfDeath (636671) on Wednesday April 18, 2012 @10:21PM (#39730709)

    Seriously, if companies were to get fined for every bad piece of code or stupid bobby tables vulnerability (obligatory xkcd reference), they would all go out of existence

    Or they could slow down, and write less code, more carefully.

  • by Cryophallion (1129715) on Wednesday April 18, 2012 @10:45PM (#39730841)

    I agree that would be far better. However, in reality, it sometimes fails. This can be due to feature creep, overly high workloads (esp at some sweatshop web companies, like HIT/Heritage used to be - I dealt with them once, and wish I could have run away, but it wasn't my money), a library that got changed, or even some junior developer committing his code by mistake and having it appear in production when he meant to send it to his super.

    SQL injection still appears to happen almost constantly, even though most web languages have very good safeguards against it, and high profile places still show vulnerabilities, so it is still high on the list of security flaws next to XSS.

    I've been on both sides - times when I have the time to write good clean code, which has everything completely buttoned up. But I've also been a victim of those times I echoed a variable in testing and it appeared in production when just the right situation arose. I'm not proud of it, but no one is perfect. Being up all night hunting down an obscure bug means sometimes you don't clean things out the way you should.

    I wish I had the leisure to take my time at it. However, reality can be the boss and the client screaming their heads off, as you try to fix a showstopper in a feature or form that was added last minute by sales due to a miscommunication, or unseen need. Companies are less people do more work, not the other way around.

A freelance is one who gets paid by the word -- per piece or perhaps. -- Robert Benchley

Working...