Oops, we did it again

After quite a number of German companies have discovered that important data (such as customer names and bank accounts, which is enough to obtain money using a false Lastschrift), it has happened again. The LBB, which issues all sorts of credit cards for other organizations, "lost" a copy of two files, one with credit card numbers and one with secret PINs. The files found their way, anonymously, to the offices of the "Frankfurter Rundschau" newspaper.

The LBB has been rushing around assuring everyone that nothing bad has happened with the numbers, yet. But that is not the point. What are these files doing, unencrypted, on their way from the bank to the company that does the grunt work on them? And why are there not procedures for making sure that no unauthorized copies are floating around? This is not blog data. It can be used to milk money from people's accounts.

When will the banks begin to take stuff like this seriously?

No comments: