in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Security: ADP Australia Accidentally Exposes Email Addresses On The Internet

According to zdnet.com.au, ADP Australia made email addresses accessible on the internet.  Depending on how you view it, you could claim that data encryption should have been used to protect the information.

Marketing List from 2007

ADP is the biggest payroll processing company in the US.  In fact, it's so big that it releases its own US national employment report that, according to many experts, is very accurate.  Like any successful business, it's gone beyond national borders to tap growth, and hence their presence in Australia.

According to zdnet.com.au, ADP Australia inadvertently exposed on the internet a list of email addresses that were used in signing up for a company newsletter.  No other information was exposed besides the email addresses (no names, phone numbers, etc.).

It's made clear that the list was dated 2007, but apart from this, ADP hasn't been forthcoming about the details.  For example, what does it mean by "dated 2007?"  Is it a list of people who signed up for the newsletter in 2007?  Or is it a list that contains all the email addresses that signed up for the newsletter up to, and including, the year 2007, or what?

Is this a Data Breach?

A more important question might be, is this a data breach?  After all, if it isn't, what does it matter whether the information pertained to 2007 only or otherwise?

Truth be told, a list of email addresses being exposed doesn't really feel like a data breach.  On the other hand, I've already noted before that it can be a vector for further crimes (just like an SSN is not really valuable in of itself):

  • You can run an untargeted scam.  Think of spam regarding ED drugs: those emails are sent without considering who receives it, in the hopes that someone will say "yes"
  • You can run a targeted scam (while the list only contains email addresses, everyone knows it's from ADP Australia).  Think of targeted phishing attacks.

Aside from the above, one might also want to consult the law.  I don't know about Australia, but there have been cases in the US that show that email addresses are indeed personal data, and hence their untimely exposure is a data breach.  Also, Canada is another nation where email addresses are considered personally identifiable information.


Related Articles and Sites:
http://www.zdnet.com.au/adp-exposes-client-emails-339326541.htm

 
<Previous Next>

Storage Tape Encryption: ValueOptions Notifies State Authorities Of Data Breach

Data Security: Passwords Are Pretty Important When Securing Mission Critical Systems

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.