Bad Week For Global Security

This was a bad week for non-U.S. security managers. On Monday (Aug. 30), Australia's Commonwealth Bank proudly issued a news release that said "In an Australian banking first, Commonwealth Bank today announced increased protection for customers shopping online with the introduction of NetCode SMS or token--a one-time password" and that "It provides customers with a convenient authentication check-point and increased security." It proved secure, all right. Not only did it reject fraudulent transactions, it rejected legit ones, too. Can't be too careful these days. The problem was reportedly fixed by the end of the day.

Meanwhile, German pharmacy chain Schlecker accidentally made available on its site the names, addresses and profiles of about 150,000 customers. The Daily Bild quoted an unidentified chain spokesperson saying that "the mistake had been not Schlecker's but rather had been made by an external service provider. The paper said "first and second names, the addresses, genders, E-mail addresses and customer profiles were all accessible. A further 7.1 million E-mail addresses of customers receiving the firm's newsletter were also available." Added the spokesperson: "We are in close contact with our service provider." My guess is that, from the service provider's perspective, it might be a little too close for comfort.