Tiscali in UK consumer data security breach
John Leyden writes in The Register:
Tiscali has apologised after a data security breach left the name, address, contact information and product order of random customers displayed to other subscribers of the ISP on Friday. The UK ISP sent out an email to its customers to accompany the launch of new broadband products offering them the opportunity to re-grade their current service package.
Clicking on a link in the email took subscribers to the re-grade login page on Tiscali's website. But after subscribers logged into their accounts they were presented with someone else's details. Subsequent attempts to login produced someone else's details each time, Reg readers inform us. "There was a scripting error with the site, which we took offline and fixed. The service has now been restored," a Tiscali spokeswoman explained.
She added that the error was confined to Friday, 23 September and limited to name and address data.
"We keep customer address and financial data completely separate for security reasons and therefore any data shown would only have related to name and address, not payment or bank information. We know a small number of customers were affected by this and we apologise for any inconvenience caused. The upgrade service has now been reinstated," she said.