<- /data/www/lesechos/import/prod/archives/fluxxml//2014/0825/flux_import/info_flux/0203723602277.xml ->
Warning for Orange. The National Commission on Informatics and Liberties (CNIL) has publicly reprimanded the incumbent to “ default data security .” In early March, nearly 1.3 million Orange customers had been victims of theft of personal data – name, date of birth, email address and landline or mobile phone. Improper operation for the image of the incumbent, who had already flown in February data on 800,000 customers.
In March, the trouble began in Orange with a “ unsubscribe link contained in an e-mail prospecting ,” says the CNIL in its minutes. This link makes it possible to access a server secondary provider (provider of a subcontractor of Orange), XL Marketing server that contained 700 files related to customers and prospects of the operator. “, and they were sucked on March 4 and 5 from an unknown IP address ,” said the CNIL, to whom the accident was reported on April 25. During its investigation, the CNIL found that the application of the secondary provider for making prospecting had not been audited and Orange sent by “ simple email without special security measures “client files … Similarly, no provision of security and data confidentiality was imposed on secondary provider. “ The company breached its duty of safety ,” concludes the CNIL. In his defense, Orange argued in particular “ the risks inherent in a chain of subcontracting .”
At Orange today “ Taking note of the warning . ” Since the facts, provides the incumbent, the CNIL, the National Security Agency Information Systems (Anssi) and affected customers have been notified (as the law requires it) and faults were repaired – c is also why the CNIL has not pronounced “notice”. The support files are encrypted and, especially, the operator has signed a contract with its direct service, forcing the latter to enforce security by subcontractors. “Data security is not related to the number of subcontractors, says Florence Fourets, director of the protection of rights and sanctions CNIL. A company that uses a third party must sign a contract with him having clauses security and data privacy. “
Orange finally recalls that piracy is a scourge that affects everyone,” This is far from the only ones to have hacked . “The operator has instead sought to be the valedictorian of respect for personal data. In November 2013, the CEO, Stephane Richard, had solemnly signed a charter to this effect. “Orange was a good student if he had done everything possible to prevent malfunctions, but it did not” , concludes dryly Fourets Florence.
No comments:
Post a Comment