DMASA Database Leaked In South Africa

According to a report by ITWeb, nearly 39,000 South Africans who signed up on the Direct Marketing Association of SA's (DMASA's) "do not contact" database are at risk of identity theft, because the list has been leaked to companies that aren't DMA members.

They may find their personally identifiable information floating around in public, and may be at risk of being targeted for fraud and possibly contacted by unscrupulous marketers.

The database is said to contain sensitive information, such as contact information, address information and identity numbers, and is distributed to the association's 389 members on a monthly basis via e-mail. Members are then instructed not to contact people listed in the database.

However, the registry has allegedly been leaked outside of DMASA's circle, putting thousands of people who signed up to avoid direct marketing at risk of having their identity stolen and being defrauded.

The report from ITWeb also mentioned that Dominic Cull, owner of Ellipsis Regulatory Solutions, has seen a cracked copy of the entire database in the possession of an entity that isn't a DMASA member. Cull says the list contains all the information an identity thief would need: identity numbers, contact details and addresses.

Another industry source has received several lines of the database in his inbox from a DMASA member, which he wouldn't name as it's against the association's rules to circulate the list outside of the organization. However, despite the rules, the source says it's not hard to get a copy of the entire database.

The Direct Marketing Association CEO, Brian Mdluli, however, confirmed that the database is not forwarded to anyone who is not a member of the association. He claimed that the database is also secured by means of a password, which is not included in the email when sent to members. He then provided ITWeb with a forward-tracking report covering April and May's databases, which shows that neither the password nor the list has been "forwarded" externally via e-mail.

"We track and trace every single database that we circulate to our members and the database hasn't been forwarded externally," Mdluli said to ITWeb.

Of course, this doesn't prevent someone from copying the data and forwarding it to non-members, or even forwarding the protected file along with the password. "Tracking forwarded e-mails doesn't prevent the spreadsheet from being opened, saved as an unencrypted copy and then sent out again," said Steven Ambrose, MD from WWW Strategy. "It also doesn't stop someone copying and pasting the list into a new spreadsheet," he added.

According to Mdluli, the DMASA will implement a file transfer protocol system that means members will have to upload queries, which will be more secure.
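
The query model Mdluli describes, sketched as an added example (not DMASA's system and not code from the ITWeb report): members submit the numbers they intend to contact and learn only which ones are listed, so the registry with its identity numbers and addresses is never sent out. The class name, key handling, batch cap and sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample registry rows: (identity number, phone, address). All made up.
REGISTRY = [
    ("0000000000001", "+27 82 000 0001", "1 Example Rd, Cape Town"),
    ("0000000000002", "082 000 0002", "2 Example Rd, Durban"),
    ("0000000000003", "+27-83-000-0003", "3 Example Rd, Pretoria"),
]

def normalise(phone):
    """Reduce a South African number to national digits, e.g. 0820000001."""
    digits = re.sub(r"\D", "", phone)
    if digits.startswith("27") and len(digits) == 11:
        digits = "0" + digits[2:]
    return digits

class SuppressionService:
    """Hypothetical query service: members never receive the registry itself."""

    def __init__(self, records, key, max_batch=1000):
        self._key = key
        self._max_batch = max_batch  # assumed cap, limits bulk enumeration
        # The lookup index keeps keyed digests of phone numbers only;
        # identity numbers and addresses never enter the query path.
        self._index = {self._digest(phone) for _, phone, _ in records}
        self.audit_log = []  # (member, numbers submitted, numbers suppressed)

    def _digest(self, phone):
        msg = normalise(phone).encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def check(self, member_id, phones):
        """Return the submitted numbers that must not be contacted."""
        if len(phones) > self._max_batch:
            raise ValueError("batch exceeds per-query limit")
        suppressed = [p for p in phones if self._digest(p) in self._index]
        self.audit_log.append((member_id, len(phones), len(suppressed)))
        return suppressed

if __name__ == "__main__":
    service = SuppressionService(REGISTRY, key=b"k" * 32)  # constructed key
    campaign = ["0820000001", "+27 84 000 0009", "+27 82 000 0002"]
    print(service.check("member-17", campaign))
    print(service.audit_log)
```

A member can still probe numbers one query at a time, so the per-member audit log and batch cap are what make unusual lookup volumes visible; they do not replace access control on the service itself.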

Organizations need to implement robust internet security and information security initiatives, including hiring highly trained information security experts to handle their customers' personal information, in order to avoid data breaches. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals.

Additionally, the all-new EC-Council CAST Summit series has been created to make advanced information security training opportunities available to information security professionals across the globe. It will be an excellent platform for IT security professionals to acquire cutting-edge skills by embarking on the CAST workshops, or to further enhance their IT security knowledge by attending the one-day seminar.

The 3-day CAST Summit workshop covers current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows participants to actually learn, not just listen or be rushed through a short presentation as at many other events or conferences. All of these IT security trainings will be conducted only by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.