Flux rss en fonction de votre recherche RESET

How can I protect customer data?

Introduction

A political party entrusted the management of its IT to a private company.

Trigger

The databases were hacked and deputies received text messages and emails insults.

Incident

The hackers used an SQL injection, discovered by chance by using a search engine, which allowed them access to 160 databases in connection with the party, as the subcontractor  had left his server and MySql open and used the same password for all of them.

Resolution

A private company who used the current technology, carried out a public communication monitoring between hackers, and discovered the computer hackers through the online robots

Conclusion

We can  never too careful, especially if one contracts out  its computer system. It is wise to check the security offered by the private company.

timbre signification

Recommendations

The party subcontracted a hosting company without defining a security policy. Either the controller of the data file is responsible for processing the data he performs directly or by subcontracting. The controller of the data file is responsible for the security of the data he processes, and must regularly assess security measures taking into account the risks related to data protection.

Basic principles

Data security

Related scripts