Whoops! Another website leaks data and dates of birth

Just earlier today I was telling you about The Princeton Review who have been left with egg on their face after a competitor told the New York Times that confidential details of tens of thousands of American students had been exposed.

Well, what do you know? Another website has come a cropper in a similar way.

This time it’s the Institute of Chartered Accountants in Ireland. According to media reports, details of 17,000 Irish accountants was accidentally published on its website.

The sensitive information includes members’ personal addresses, email addresses and telephone numbers, as well as dates of birth – all valuable stepping stones for any criminal intending to commit an identity theft.

The reason why this data was exposed? Apparently the Institute of Chartered Accountants in Ireland redesigned its website – unfortunately improving its usability also potentially made it simpler for the bad guys to access valuable information too. The Insitute only learnt about the problem when a member warned the organization in early August.

The good news is that there is no indication that the data has been used by criminals (ah, the luck of the Irish..) but as the information did manage to be ‘spidered’ by search engines it may still be accessible by committed identity thieves prepared to trawl through caches.

It’s obvious that too many organizations are being careless with the information they gather about their employees, customers and users. More steps must be taken to secure all points of the enterprise, and careful consideration must be made as to what information needs to be stored to reduce the chances of an embarrassing data breach.