ZDNet has today reported that weak authentication has left customers of and with their data at risk of disclosure.

When customers of ‘retrieve their quote’, the level of authentication just ‘isn’t strong enough’, says Sean Sullivan, Security Advisor for F-Secure labs.

“Email, surname and birth-date is not good enough. Black-hat scripts can scrape data from Facebook accounts,” said Sullivan. “Just throw it into a database and write a script to enter the data [on the prompt page]. I have no doubt someone would try it.”

With competitive prices for such information in the world of cybercrime, it isn’t hard to see how an individual’s personal data could be passed on without their knowledge or agreement. Similarly, customers who forget their password pass through an incredibly simple retrieval process, and because the answers to the questions asked in this process are easily obtained, authentication is inadequate, says technology publication PC Pro.


Our interest in this article here at Absolute Data was fuelled because we are constantly advising clients about privacy risk management and the activities of third parties in undertaking “unauthorised”, independent and uncontrolled risk assessments of the data processing of other companies. We preach that it’s far better to have your own risk assessment regime than to have third parties, potentially with axes to grind, carrying them out.

