Bill Goodwin
Computer services company Bull has blamed human error for a
security flaw that left sensitive customer records available for
viewing on the Web.
Confidential details about Bull's customers, including the
French Police, the Russian tax police and Barclays Bank, were
exposed by the error last week.
The flaw, in a database intended for use by Bull's customers,
came to light after a French Web site published confidential files
downloaded from Bull on the Internet.
Bull played down the error this week. It said in a statement,
"We can confirm that, due to human error, on Thursday, 31 August
2000, certain pages of the Bull customer extranet were non-password
protected."
Bull said the site contained no "highly confidential"
information. However, some documents from the site are clearly
marked as being confidential.
Security consultant Kenneth De Spiegeleire, of Internet
Security Services, said the case illustrates the perils of Web site
design. "One of the problems is that people design security into a
site afterwards," he said. "Very often a small mistake can make the
whole system vulnerable."
Lawyer Steven Philippsohn advised companies that fall victim to
Web site security breaches to inform their customers straight away
to reduce potential claims for damages.
If they discover their records are compromised, customers should
consider taking out injunctions against both the supplier and its
ISP demanding an immediate fix, Philippsohn said.