Feeds

Tosh UK rewards competition hopefuls by exposing their privates

ICO slaps wrist after URL twiddling leaked personal info

Beginner's guide to SSL certificates

Toshiba Information Systems UK breached the Data Protection Act, the Information Commissioner's Office (ICO) has ruled.

The company published the personal details of 20 competition entrants on its website, which were compromised by a security gaffe, the watchdog growled.

"A security fault with the incremental numbering of the competition entrants registration URL created the potential for access to other customers' personal data for a two-month period," the regulator said.

The ICO was told about the privacy blunder in September. Names, addresses and dates of birth as well as contact information were exposed on the site after people registered for an online competition. The watchdog found that Toshiba had failed to put in place the correct measures to detect that a web design cock-up had been made by an unnamed third-party coder.

"It is vital that, as ever-increasing amounts of our personal information are collected online, companies have the necessary safeguards in place to keep this information secure," said ICO head of enforcement Stephen Eckersley.

"We are pleased that Toshiba Information Systems (UK) have committed to ensuring that any changes to applications on their website are thoroughly tested by both the developer and themselves, in order to keep the personal information they are collecting secure."

He warned: "We would urge other UK organisations with interactive websites to make sure they have suitable checks in place before collecting peoples’ details online."

Toshiba inked an undertaking [PDF] with the ICO to implement security measures to ensure that the personal data it handles are protected. ®

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.