Friday, February 25, 2005

Feeling Insecure yet?

Another site, Paymaxx revealed SSNs and other data in their W-2 database. Why, one wonders, are these records available online in the first place and, if there is a good reason, why isn't some information, like SSNs, redacted? Although the CNET article indicates that a mere 25,000 names and their attached data were revealed, this article indicates, as in the ChoicePoint debacle, that the number may actually be much higher than that.

Update: According to this ZDNet article, Paymaxx is saying that "only" 6 attempts were made to access their site during the exposure and that it affected "only" 12 companies. Small comfort to those companies' employees, I'm sure. However, the person whose company discovered the security hole claims that his employees made far more than 6 attempts at hacking into the site.

No comments: