A US government web site is reported to have suffered a security
lapse enabling internet users to access confidential information
relating to companies involved in the Safe Harbor data protection
scheme. The Safe Harbor initiative operates a registration scheme
for US companies wanting to exchange personal information on EU
citizens without breaching strict EU data protection laws.

According to Wired.com, a security hole has been discovered in
the Safe Harbor web site, which gives access to confidential
information including company revenues, numbers of employees and
the EU countries with which individual companies trade. Wired.com
claims that this loophole has been in existence since the site went
on-line and that it allows unauthorised members of the public to
alter information on the web site database.

This breach of security contradicts express guarantees given to
the companies registered with the scheme that their details will
not be made publicly available without their consent except where
required by law.

A notice was posted on the Safe Harbor web site last Thursday
stating that both the self-certification form and the Safe Harbor
list had been removed from the site as part of a security
review.