infosec-news September 2010 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Newly Discovered World Cup Database Breach E

[ISN] Newly Discovered World Cup Database Breach Exposed 250, 000 Attendees' Details

From: InfoSec News <alerts_at_nospam>
Date: Mon Sep 13 2010 - 05:39:53 GMT

By Ericka Chickowski
Special To Dark Reading
Sept 10, 2010

Hundreds of thousands of attendees at the 2006 World Cup in Germany were
put at risk of identity theft, though the major breach of a FIFA
database was only recently uncovered.

Initially reported by Norwegian newspaper Dagbladet, the breach came to
light when an employee of the firm in charge of World Cup 2010 ticketing
circulated an e-mail peddling more than 250,000 2006 World Cup customer
details, including such personal information as birth dates and passport

According to Rob Rachwald, director of security strategy at database
monitoring firm Imperva, the interesting hook to this story is that the
customer data in question came from the Germany event four years ago and
not the South African World Cup last summer. He says the event is
indicative of a number of failures, including carelessness with older
databases and unused data, a failure to think beyond the conclusion of
the event, and a failure to have a full data security protection and
destruction strategy.

"At the end of the '06 World Cup, a data destruction process should have
been performed, and it clearly didn't occur to anyone [with FIFA or its
IT firm]," Rachwald says. "[A good strategy should] identify what you
have, attach risk and design a protection and destruction program."


Subscribe to InfoSec News -