Website Security Flaw Costs ZD (Wired)
[Posted September 4, 2002 by dennis]
Brian McWilliams
reports, in Wired, that a security oversight which allowed unauthorized
web access to some customer's
identifying information and credit card numbers has resulted in
Ziff-Davis Media agreeing to pay $500 each to about 50
affected customers and an additional $100,000 to the state of New York.
An investigation led by New York with the assistance of Neohapsis
revealed that Ziff-Davis failed to follow industry-standard security
practices, such as encrypting and password-protecting the data, and
keeping track of who accessed it.
According to the settlement agreement (PDF), the attorneys general
concluded that Ziff-Davis was guilty of violating their states'
business laws prohibiting deceptive business practices and false
advertising.
(
Log in to post comments)