Governmental Servers Wiped? Never!
Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."
If this guy planned on doing anything with the data, he probably wouldn't have blogged about it. He would copy the data, wipe the disks and pretend that he had seen nothing.
Then at a later date, he could do his evil work using that data.
Therefore, this particular blunder is nothing to get worked up about, but the potential for future blunders is.
http://www.expatica.com/source/site_article.asp?subchannel_id=19&story_id=13469&name=The+Dutch+news+in+October+2004
See October 7th 2004.
Some taxi-driver found it, discovered that it had very sensitive information about some current open cases on it, and a lot of personal stuff that could make the prosecutor vulnerable to blackmail etc. when in the wrong hands.
These things just show that some state organisations (or the people working there) really have too little awareness of handling computer data the right way. Actually, this year we had a case in the Netherlands where some secret state report ended up in an upload filesharing folder of the person working on it, and could thereby just spread all over. I think people working at such positions really should be instructed on safe computing, especially at home or when using laptops; the risks are pretty high that data can get stolen.
molmod.com - computing tips from a molecular modeling
The UK's Data Protection Act, especially as it pertains to medical data, is remarkably strict.
Nonetheless, it came as no surprise to me that, when I worked at a medical centre and they upgraded all their machines, the old ones were merely dumped in the attic before being carted off by the local Council's binmen.
I asked about this (not in terms of security, but because I wanted the machines). Apparently UK companies have to PAY the Council to remove old computers, as part of some environmental legislation. I offered to take them away for free, naturally.
The only reason I didn't get any "protected" data along with them was because I'd previously wiped it off. But even that was little more than a standard "empty recycle-bin" - it likely wouldn't stop anyone who knew what they were doing.
It's all very well having data protection policies, but unless you tell officials HOW to erase data, it won't be done.
Argh.
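The point made in the comment above, that emptying a recycle bin or deleting a file only drops the directory entry while the bytes stay on the disk until something overwrites them, is easy to see on a model. The following is an added example, not code from the thread or from any of the organisations mentioned: a toy disk image (a bytearray) with a tiny allocation table stands in for a real drive, `carve()` scans the raw image the way a recovery tool ignores the filesystem, and the two erase paths (overwrite-on-delete, and wiping all unallocated blocks before decommissioning) show what "HOW to erase data" has to mean in practice. The file names and the payroll record are constructed sample values.

```python
"""Toy model of why "empty the recycle bin" does not erase data.

A disk image is a bytearray; an allocation table maps file names to
(first_block, block_count). An ordinary delete only drops the table
entry, so the data is still recoverable from the raw image. Secure
deletion overwrites the blocks first; decommissioning wipes every block
the table does not reference. (Added demo code; all values constructed.)
"""
import re

BLOCK = 512            # allocation granularity of the toy disk, in bytes
DISK_BLOCKS = 64       # 64 * 512 = 32 KiB toy disk


class ToyDisk:
    def __init__(self, nblocks=DISK_BLOCKS):
        self.image = bytearray(nblocks * BLOCK)   # the "platter"
        self.table = {}                           # name -> (first_block, nblocks)

    def _free_blocks(self):
        """Blocks not referenced by any table entry (unallocated space)."""
        used = set()
        for first, n in self.table.values():
            used.update(range(first, first + n))
        return [b for b in range(len(self.image) // BLOCK) if b not in used]

    def write(self, name, data):
        """Store `data` in the first run of consecutive free blocks."""
        need = -(-len(data) // BLOCK)             # ceil(len / BLOCK)
        free = self._free_blocks()
        for i in range(len(free) - need + 1):
            run = free[i:i + need]
            if run[-1] - run[0] == need - 1:      # consecutive blocks
                start = run[0] * BLOCK
                self.image[start:start + len(data)] = data
                self.table[name] = (run[0], need)
                return run[0]
        raise OSError("disk full")

    def delete(self, name, overwrite=False):
        """Ordinary delete drops the table entry only; with overwrite=True
        the blocks are zeroed before they are released."""
        first, n = self.table.pop(name)
        if overwrite:
            start, end = first * BLOCK, (first + n) * BLOCK
            self.image[start:end] = bytes(end - start)

    def wipe_free_space(self):
        """Overwrite every unallocated block: the decommissioning step that
        catches files deleted long ago without overwrite."""
        for b in self._free_blocks():
            self.image[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

    def carve(self, pattern):
        """Scan the raw image for `pattern`, ignoring the table, exactly as a
        recovery tool (or a buyer at auction) would. Returns byte offsets."""
        return [m.start() for m in re.finditer(re.escape(pattern), bytes(self.image))]


def demo():
    """Returns the number of raw hits after each kind of delete:
    (ordinary delete, delete + free-space wipe, overwrite-on-delete)."""
    disk = ToyDisk()
    record = b"PAYROLL EMP-0042 SALARY 54321"   # constructed sample record

    disk.write("payroll.dat", record)
    disk.delete("payroll.dat")                  # "empty recycle bin"
    after_naive = len(disk.carve(record))       # still on the platter

    disk.wipe_free_space()                      # decommissioning wipe
    after_wipe = len(disk.carve(record))

    disk.write("payroll2.dat", record)
    disk.delete("payroll2.dat", overwrite=True) # secure delete
    after_secure = len(disk.carve(record))

    return after_naive, after_wipe, after_secure


if __name__ == "__main__":
    naive, wiped, secure = demo()
    print(f"hits after ordinary delete: {naive}")
    print(f"hits after free-space wipe: {wiped}")
    print(f"hits after overwrite-on-delete: {secure}")
```

The `carve()` check is the one that matters before a machine leaves the building: a decommissioning process is verified by scanning the raw device for known records, not by checking that the file listing is empty. On a real drive the equivalent of `wipe_free_space()` is a whole-device overwrite or the drive's own sanitize command, followed by the same raw scan.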
... is the more likely scenario - that, for every one of these incidents that are reported, there are 10 that are not.