Two more Dutch data breaches

Karin Spaink summarizes and translates two more breaches:

City leaks bank numbers

Private data of people who have received a building license in Groningen, is visible via the city’s website. (One needs to apply for such a license when expanding one’s house or building an addendum to it.) Data disclosed are names, addresses, bank numbers, signatures and telephone numbers. In April of this year, the city removed the general index to all approved licenses when warned that it was thus leaking data, and considered the matter done. As it turns out, simply by increasing or decreasing the file number in a url.

response: None, as of yet..
references: Oog.tv, July 13, 2010

Tour operator leaks bookings

Dutch tour operator Corendon gives people who’ve booked via their site a client number and a booking number. Turns out that these are handed out sequentially, so by just increasing or decreasing the number in the query, one can see other people’s data. Visible were: destination, date of departure, return date, flight information, amount paid, amout left to be paid, plus information about all people booked: names, addresses, telephone number, date of birth.

response: Jeroen van der Gun discovered the leak and warned Corendon on June 28. On July 7, Corendon changed the login-procedure for clients, who now also have to enter an e-mail addreess to see their booking.

references: Website Jeroen van der Dun, July 13, 2010
Bits of Freedom, July 13, 2010

About the author: Dissent

Comments are closed.