Bull blames human error as police records go on the Net


Bull blames human error as police records go on the Net

Bill Goodwin

Bill Goodwin

Computer services company Bull has blamed human error for a security flaw that left sensitive customer records available for viewing on the Web.

Confidential details about Bull's customers, including the French Police, the Russian tax police, and Barclays Bank were exposed by the error last week.

The flaw, in a database intended for use by Bull's customers, came to light after a French Web site published confidential files downloaded from Bull on the Internet.

Bull played down the error this week. It said in a statement, "We can confirm that, due to human error, on Thursday, 31 August 2000, certain pages of the Bull customer extranet were non-password protected."

Bull said the site contained no "highly confidential" information. However, some documents from the site are clearly marked as being confidential.

Security consultant, Kenneth De Spiegeleire, of Internet Security Services, said the case illustrates the perils of Web site design. "One of the problems is that people design security into a site afterwards," he said. "Very often a small mistake can make the whole system vulnerable."

Lawyer Steven Philippsohn advised companies that fall victim to Web site security breaches to inform their customers straight away to reduce potential claims for damages.

If they discover their records are compromised, customers should consider taking out injunctions against both the supplier and its ISP demanding an immediate fix, Philippsohn said.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy