To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.mediawatchOpen lugnet.mediawatch in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 MediaWatch / 2970
2969  |  2971
Subject: 
 LEGO Australia Acknowledges Security Breach
Newsgroups: 
 lugnet.mediawatch, lugnet.general, lugnet.lego, lugnet.loc.au
Followup-To: 
 lugnet.mediawatch, lugnet.loc.au
Date: 
 Tue, 29 May 2012 21:11:12 GMT
Viewed: 
 48636 times
  
LEGO Australia Acknowledges Security Breach

1,591 LEGO Club members’ names, addresses, dates of birth and phone numbers may have been exposed.

By Jeff Goldman, May 28, 2012

LEGO Australia recently sent letters to 1,591 parents whose children joined the LEGO Club Web site between March 27 and May 5, warning them that their personal information had not been secured.

Data that may have been exposed included members’ names, addresses, dates of birth and phone numbers.

“Please note that no fraudulent activity has been reported to us, and there is no evidence of suspicious activity using your information,” the letter states. “This is just to notify you, in case you discover your information being used by a party that is not the LEGO Club, so that you can take appropriate action and to prevent any future potential misuse of personal information.”

“In an interview Caroline Squire, LEGO Australia and New Zealand director of Marketing, said credit card information was also not secured correctly for the 1,182 parents who signed their children up during the period its website wasn’t secure,” writes The Sydney Morning Herald’s Ben Grubb. “The 409 other parents who were also sent letters were those with incomplete registrations who did not enter their credit card but did enter their address. Squire said the LEGO Club website lacked SSL encryption (the golden lock usually seen on banking and e-commerce websites) for the March 27 to May 5 period after an update to the website caused the SSL certificate to be incorrectly configured, meaning transactions during the period were not encrypted.”

“The bungle was due to ‘human error,’ the company told affected customers earlier this month,” SC Magazine Australia reports. “Unencrypted traffic was at risk of interception.”

The company says it has notified the Office of the Australian Information Commissioner of the breach, and has “taken measures to ensure the security of the site for current member information and for future transactions.”

Source: esecurityplanet.com

-end of report-



1 Message in This Thread:

Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR