Computer services company Bull has blamed human error for a security flaw that left sensitive customer records available for viewing on the Web.
Confidential details about Bull's customers, including the French Police, the Russian tax police, and Barclays Bank were exposed by the error last week.
The flaw, in a database intended for use by Bull's customers, came to light after a French Web site published confidential files downloaded from Bull on the Internet.
Bull played down the error this week. It said in a statement, "We can confirm that, due to human error, on Thursday, 31 August 2000, certain pages of the Bull customer extranet were non-password protected."
Bull said the site contained no "highly confidential" information. However, some documents from the site are clearly marked as being confidential.
Security consultant, Kenneth De Spiegeleire, of Internet Security Services, said the case illustrates the perils of Web site design. "One of the problems is that people design security into a site afterwards," he said. "Very often a small mistake can make the whole system vulnerable."
Lawyer Steven Philippsohn advised companies that fall victim to Web site security breaches to inform their customers straight away to reduce potential claims for damages.
If they discover their records are compromised, customers should consider taking out injunctions against both the supplier and its ISP demanding an immediate fix, Philippsohn said.