SSN Issue
- lol4lyfe
Had a client do something really stupid on accident. They posted a document to their Wordpress site that listed a bunch of their customers' sensitive data. When I say that, I literally mean everything: DOB, Address, SSN, Phone, Email, Full Name.
Now the client is trying to cover it by getting it taken down from search engines, etc., but the thing is Bing, et al. have cached versions of the file since it's been up there since November 2010.
What would you do? Remain quiet and do nothing, or contact these people and tell them what has happened with all of their data. Most of these people are retired at this point, given that the average birth year seems to be around 1955-1960.
- brandelec0
cached versions of retirees' SSN. i wouldn't remain quiet or do nothing.
- lol4lyfe0
^ I think I am going to have to do that. I can't bear to know that these people's info is sitting out there on the web and nothing being done to inform these people. The company is just trying to sweep it under the rug, which is a truly fucked up thing to do.
- registe0
http://www.google.com/privacy/fa…
http://www.google.com/privacy/fa…
Privacy Matters
c/o Google Inc.
1600 Amphitheatre Parkway
Mountain View, California, 94043
USA
- lol4lyfe0
^ Already been down that road. Apparently it takes much longer than they claim, as it's been almost two weeks now.
More important is that Bing is caching the spreadsheet, and since we all know who owns/runs Bing, let's just say that their customer support is a vapid chasm...
With about 100 SSNs out there of retired federal employees, you'd think Bing would be a bit more accommodating to our requests for a takedown of the cached information.
- registe0
wow, that sucks, found this re: Bing
http://www.bing.com/community/si…
- lol4lyfe0
Been there already too, man. This is not about removing the page. This is about removing CACHED content.
- registe0
is the cached info you've found actually backed up into a place it is able to be opened? Or was this info published in the form of an unsecure webpage that was then cached?
I'd think, but I may be showing ignorance here, that if the cache was leading to a file, upon arriving the file would no longer be available for viewing.
And by no means do we need a link to the problem, just trying to understand it :D
- lol4lyfe0
This is what happened:
- Person uploaded XLS file with all this sensitive info in it.
- Realized what they had done.
- Used Wordpress to re-upload a new version, but they didn't have any idea that Wordpress doesn't delete files, and it just added a "-1" to the filename.
- File sat onto for about 8 months.
- A person on the list Googled their name and found the XLS file with their personal info broadcasted for the world.
- Threatened legal action.
- Client company says "we've gotta take this down ASAP before anyone else realizes."
The link definitely still works for the cached info. I am sitting here in awe of it as we type, wondering how big of a lawsuit this is going to turn out to be...
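Added example, not part of the original thread and not WordPress code: a check for the situation described in the post above, where a re-uploaded file received a "-1" suffix and the first upload stayed on the server. The extension list, directory layout and sample file names are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Document types worth reviewing by hand (assumed list; adjust to what the site hosts).
DOC_EXTS = {".xls", ".xlsx", ".csv", ".doc", ".docx", ".pdf"}
# "customers-1" -> stem "customers". Thumbnail names like "photo-150x150" do not match.
NUMBERED = re.compile(r"^(?P<stem>.+)-\d+$")


def find_stale_originals(uploads_dir):
    """Return (original, replacement) path pairs where both files still exist on disk."""
    pairs = []
    for path in sorted(Path(uploads_dir).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in DOC_EXTS:
            continue
        match = NUMBERED.match(path.stem)
        if match is None:
            continue
        # The file the numbered copy was meant to replace, in the same folder.
        original = path.with_name(match.group("stem") + path.suffix)
        if original.is_file():
            pairs.append((original, path))
    return pairs


def demo():
    """Run the check over a constructed uploads tree and return the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        month = Path(tmp) / "2010" / "11"
        month.mkdir(parents=True)
        # Constructed sample files: one replaced spreadsheet, one unrelated numbered
        # file with no original present, and one image thumbnail.
        for name in ("customers.xls", "customers-1.xls", "notes-2.csv", "photo-150x150.jpg"):
            (month / name).write_bytes(b"constructed sample")
        return [(o.name, r.name) for o, r in find_stale_originals(tmp)]


if __name__ == "__main__":
    for original, replacement in demo():
        print(f"REVIEW: {original} is still on disk alongside {replacement}")
```

Each flagged pair is a candidate for manual review, since a file can carry a numeric suffix for unrelated reasons.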
- duhsign0
dayumm
- zaq0
check it out http://j.mp/m3q0ha
- tgqt0
re-write file/page removing sensitive data
resubmit URL to search engines
Cross fingers..
- adumbratesly0
Document everything you have done to date - ensure you have evidence that you did everything you could to bring what you considered appropriate action to client's attention - silence is not recommended - move fast...