E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Toronto Star

Posted on April 11, 2000

      More than 1,000 confidential records - including credit card numbers - were accessible on the Internet for at least five days because of a security breach at one of Canada's largest service providers.

      A man surfing the Internet stumbled on the file and notified Look Communications, formerly Internet Direct, of their problem on April 5.

      The file disappeared briefly, but returned and was still there last night when The Star called.

      Nearly three hours later, the file was gone.

      ``We're shutting the whole thing down now and, frankly, I'll shut down the whole system if I have to,'' Gary Kawaguchi, a shaken senior vice-president said last night.

      He had no idea how the security breach occurred or why the company hadn't managed to deal with it when first notified.

      ``This whole thing is going to prompt us to have a third party security scan on everything we do,'' Kawaguchi said.

      Look Communications has some 175,000 customers across the country. But most of the addresses on the file were from Ontario.

      The man who found the file and doesn't want his name used got in touch with K. K. Campbell, a Star columnist who writes about the Internet for the Fast Forward section, after the company failed to fix the problem.

      ``I've been writing about this for close to 10 years and I've never seen one so close to home,'' Campbell said. It was Toronto Councillor Jack Layton's name that first jumped out at him.

      ``That's a bit scary to think it's that easily accessible,'' Layton said, when notified that an older credit card of his was on the list. ``I wonder how many thousands of dollars in fraudulent transactions have gone on. The company certainly owes people an explanation.''

      Kawaguchi said they notified the credit card companies last night.

      The list contained names of people who subscribed to Ipass, a global roaming service for the Internet that allows users to pay local rates instead of long distance charges.

      Jacqueline Miller, a graduate student who does a lot of work abroad, applied for the service to save money. While upset that her American Express card number was out in the open, Miller wasn't surprised. When she originally tried to sign up for the Ipass service over the Internet, the screen told her it wasn't a secure Web site.

      ``So I did it all verbally by the phone, because I refused to use their Web site,'' she said. ``I told them at the time, but they insisted `No, it is secure.' ''

      Chris Davis, an Internet security specialist, said he was shocked.

      ``Any of those people on that list could sue that company,'' said Davis, CEO of HeXedit Network Security Inc., from his Ottawa home last night.

      Credit card information is supposed to be sent from the user to the company on a secure encrypted link, he said.

      Once it reaches the company it is un-encrypted for use but should then be destroyed.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.