THE RETAIL BULLETIN - The home of retail news
Experts say Parcelforce data leaks caused by code audit shortcomings


RETAIL SOLUTIONS UK NEWS

Fortify Software, the application vulnerability specialist, says that the Parcelforce data leak – in which Web customers were given access to the entire customer records of seemingly random data relating to other customers’ postal consignments – is almost certainly the result of shortcomings at the program code auditing stage.

“From what has been reported by the BBC and others, this sounds like a scripting issue with the site concerned,” said Richard Kirk, Fortify’s European director.

“What’s interesting about the Parcelforce site is the scripts used on the main landing pages appear to have been developed in-house, rather than the firm relying on third-party interfaces. This suggests to me that the site was developed by an in-house programming team using Omniture’s SiteCatalyst software,” he added.

The problem with in-house development of Web sites, says Kirk, is that whilst the staff concerned can be well acquainted with the requirements of the company, they may well lack the facility of looking at the code from an audit perspective.

Things have moved on from the old days of ‘soak tests’ with programs and Web sites, he explained, adding that this means that external professionals are usually asked to conduct a range of tests on the Web site software, even including penetration testing where appropriate.

Whether this happened or not remains to be seen, but the fact that customer data was leaked means that the company has probably breached the Data Protection Act, meaning that an investigation is likely.

The Information Commissioner’s Office is reported to be contacting Parcelforce to work out what actually happened with the Web site errors and what can be done to prevent it happening again, said Kirk.

“Almost certainly this will involve some sort of audit. It is to be hoped that, as well as Parcelforce learning from this situation, that other companies realise it could be their own IT team involved in the corporate red face stakes and review their own Web sites as well,” he said.

“Only by efficient code auditing can major errors like this be avoided. We all learn from mistakes. Some more than others,” he added.
