Security breach at the Pan Am Games
Two days ago about half the media I know here got the following anonymous email:
To prove that this is not a joke, I have included just 2 unsensitive informations about you.
At this point the individual, who identifies themselves as Galileo Truman, a web developor, includes the journalist's passport number and birthday. It goes on to say he is not a hacker, but:
I am sure somebody else with bad intentions could gain easily access and abuse this security hole.
When we applied for our media accreditation, we sent two pages of personal information to organizers here — photos, parents names, addresses, phone numbers, passport copies, etc. Obviously we were all pretty concerned.
But the most disturbing thing of all has been the response from COPAG, Guad's Games organizing committee.
Regarding a supposed hacking of the official website for America´s Fiesta, the XVI Pan American Games Guadalajara 2011 Organizing Committee (COPAG) assured that its databases are completely secured...
In the email claimed that hackers could be able to gain access to personal data of the journalists. However, COPAG explains:
“It is suspected that there was an illegal instance of access to the database. It is confirmed now that this statement is not true,” explained the Assistant Director of Information Technologies of COPAG... The COPAG databases and the website are not linked to each other...
“Access to the information may have occurred because of an incorrect use of a real password for the registration system. The person that had the password may have accessed the information shown in the screen and therefore was able to make participants uncomfortable,” he added, which is why it is possible that people registered to the system may get more emails like this.
COPAG dismisses any claims of hacking to the database, and has cancelled 100 per cent of the passwords to the registration systems. Also, important and confidential information of the registered participants has been eliminated.
I really don't feel comfortable with that response. If they weren't able to access the system, then how did the individual get a hold of these journos' passport numbers? They claim that no other officials here have been impacted — like athletes or volunteers — then again, they also say a breach didn't occur. Our Olympic committee is investigating the issue and we've all froze our credit reports, but I have to say: not impressed COPAG. Not impressed.
Wow, comical if it were not tragic. Watch for identity theft, not just the credit reports.
Posted by: William | 10/26/2011 at 12:27 PM
The answer is akin to stating: "The reason this person has this information is that we gave it to him, he didn't take it, therefore it's not theft. Rest assured".
Of course it's a breach! A massive one.
Posted by: steve | 10/26/2011 at 03:32 PM
Why not contact the hacker and get more from the hacker's perspective on this
Posted by: Jer | 10/26/2011 at 06:34 PM