March 13, 2008
Leaking data is easy, and it is not always the result of malicious activity. This was vividly illustrated in a recent incident involving the local tourism web site for the town of Mildenhall, in the U.K. Somehow that site got onto a mailing list of the U.S. Air Force, and, for several years, the owner of the site received large volumes of confidential emails, including personal data, military information, and even presidential flight plans!
We should all learn a lesson from this: every path through which sensitive data can escape your organization, even simple mailing lists, should be periodically reviewed for correctness.