Feeds

Scarborough Building Society pulls insecure 'print' form

Ticked all the wrong boxes

Choosing a cloud hosting partner with confidence

Scarborough Building Society has pulled an insecure form from its site after it emerged that sensitive information was sent over an unencrypted connection.

An online application form for various types of savings accounts invited prospective investors to fill in various categories of sensitive personal information before printing off the form and sending it in to the society by conventional post. In reality, data was exchanged with the society's servers as checks were made to ensure the form was filled in correctly. This contradicts what the society told customers at the bottom of the form and what was implied by the procedure of posting off information they had typed in.

Not only that, but as Reg reader Alan Iwi was quick to notice this data was sent over an insecure (unencrypted) connection, leaving it vulnerable to potential eavesdropping attack. Scarborough reacted quickly on notification, and pulled the form and launched an investigation.

"We have experienced a technical issue with the form and have temporarily removed the ability to submit any form containing personal information online for checking. A technical solution to the issue will be put in place over the next few days," a Scarborough Building Society spokeswoman explained.

Scarborough Building Society was founded in 1846 and is the second oldest building society in the UK. The mutually owned financial organisation manages assets worth an estimated £2.9bn. ®

Choosing a cloud hosting partner with confidence

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.