NATO e-bookshop discloses “probable” data breach (Updated)

In an example of how to leave breach watchers scratching their heads, NATO issued the following statement on its site yesterday:

23 Jun. 2011

Probable data breach from a NATO-related website

Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.

A little more transparency would be good, guys. What kind(s) of data did the attacker probably get? When did this probably happen? What should users probably do? I probably need more coffee before I read such notices.

If any reader actually received a notice from NATO’s e-Bookshop, please forward a copy to me via this site or so that we can include it in the database.

Kudos to The H for catching the notice.

Update: John Oates of The Register has some details of the notice NATO sent out:

The email said: “Our examinations show a possible compromise of user information (username, password, address and email address) for people who have ordered publications from the e-Bookshop or subscribed to our email service.

“If you use the same email and password on other web platforms it is highly recommended that you change your passwords.”



About the author: Dissent

Comments are closed.