China Hack Affects 6 Million
Breach Roundup: Customers Receive Wrong Bank Statements
Chinese police have detained four people and punished eight others as a result of a massive data breach that is alleged to have exposed the personal information of more than 6 million users of the China Software Developer Network, the country's largest programmers' website, according to People's Daily, the official newspaper of the Communist Party of China.
According to CSDN, leaked information included IDs, passwords and e-mail addresses in clear text.
Hackers also leaked user passwords of social networking websites Sina Weibo and www.kaixin001.com through guesswork, police say.
The hacking incidents were escalated after reports began circulating that the personal details of subscribers to various social networking, shopping and gaming sites were also leaked.
A police investigation later discovered that those other websites had not been hacked, or had been attacked without their subscribers' information being leaked, a National Internet Information Office spokesman said in the news report.
Australian Bank Suffers Online Bank Statement Error
An online bank statement service error at Australia-based ANZ Bank forced the institution to shut down its service after customers were given wrong account statements.
According to news reports, about 60 people were able to view other customers' bank statements.
ANZ Bank experienced a similar problem in late 2011 and stopped the service when customers were able to view other people's accounts on shared computers.
In both cases, ANZ reported the breaches to the Australian Privacy Commissioner, Timothy Pilgrim.
"ANZ are continuing to keep me informed about their progress in investigating and resolving this matter," Pilgrim said in a statement.
"I am pleased to see that they promptly sought to notify affected customers and put in place steps to reduce any potential impacts on those customers," he says.
Pilgrim explained that organizations need to think carefully about the security of their systems and how they will impact the privacy of customers. When considering privacy, Pilgrim said organizations should consider:
- Undertaking privacy impact assessments;
- Building privacy considerations into the design of new systems early on.