Would you be a concerned customer, if....
25-10-2006, 01:13
|
#1
|
|
cf.geek
Join Date: Nov 2004
Services: BeThere Pro
Standard Terrestrial TV
Posts: 648
|
Would you be a concerned customer, if....
A company I used to work for here was responsible for a lot of things
They were basically a company which dealt with other companies' work (outsourcing)
Mostly credit card transaction and check processing for various things, like bills for major companies in the UK
Being a computer techie, I noticed several, well, a lot of major flaws in how their system was set up, security wise, both computer and office related.
Here's but a few of the flaws
1) All the PCs had a local administrator logon, which everyone knew the password to, and it was a very generic login (like admin/admin)
2) All the PCs had unrestricted/unfiltered access to the net, with no tracking or any kind of filtering enabled (DSL Internet)
3) All the PCs had full read/write access to any other computer's hard drives, even the servers
4) NONE of the PCs had any anti virus, spyware OR firewall in place (Anti virus software, namely Sophos, was only installed after about 5 months, but nothing had been installed prior to my arrival at the company)
5) All the PCs had a form of VNC (remote desktop connection software) in place, all using the same password
6) All PCs were using Windows XP, PRE Service Pack 1, never updated
Bearing in mind, these are the same PCs that scanned sensitive data, like checks, credit card information, addresses and all that stuff
The main server down stairs, had the access passwords for all this stored data, stuck to the screen on a piece of paper
The entry alarm code for the main building was set to 1,2,3,4 for the first 6+ months I worked there.
My supervisor, who was there for the first 7 months of my term, got fired for various things, including harassment, leaving the offices empty/unattended/unalarmed when it was supposed to be occupied, he was also accused of throwing actual work away
We were told to advise outside companies, if they asked why he was removed, that he was fired for harassment and not that he'd left the building unattended/unsecured or that he was accused of throwing their work away
Did I also mention for the first 8 months of my 9 months employment, stuff was thrown away on a daily basis (Letters, envelopes, receipts etc) into the NORMAL trash cans, NOT in the sensitive data bags?
|
|
|
25-10-2006, 01:29
|
#2
|
|
Karateka
Join Date: Dec 2003
Age: 33
Posts: 7,098
|
Re: Would you be a concerned customer, if....
...er, yes - on every count.
__________________
Quidquid latine dictum sit, altum sonatur.
|
|
|
25-10-2006, 01:43
|
#3
|
|
Rather fruity
Join Date: Jun 2003
Posts: 6,044
|
Re: Would you be a concerned customer, if....
Sounds like when I worked for Hays Customer Solutions.
|
|
|
25-10-2006, 01:46
|
#4
|
|
cf.geek
Join Date: Nov 2004
Services: BeThere Pro
Standard Terrestrial TV
Posts: 648
|
Re: Would you be a concerned customer, if....
One of their customers, was/is NTL, they dealt with all the complaint letters and I "think" checks
I don't know if that's still true though, I left there over a year ago
I know they acquired a contract with Ebay shortly before I left, processing UK and European checks
|
|
|
25-10-2006, 10:13
|
#5
|
|
Next: STS-125 -HST Repair
Join Date: Sep 2003
Location: 127.0.0.1
Services: TV: Sky Digital
Phone: BT
Mobile: Orange
Internet: Twang.net ADSL
Posts: 4,158
|
Re: Would you be a concerned customer, if....
Wasn't there a thread similar to this a year or two ago?
I seem to recall the list of vulnerabilities listed...
---------- Post added at 10:13 ---------- Previous post was at 10:12 ----------
Quote:
|
One of their customers, was/is NTL, they dealt with all the complaint letters and I "think" checks
|
NTL was also in the picture on the last one as well...I think!!
|
|
|
25-10-2006, 10:51
|
#6
|
|
umuntu ngumuntu ngabantu
Join Date: Jun 2006
Location: Leeds
Services: Ex-NTL Bromley,
TV XL,
V+, STB,
Broadband L (constant 9mb), SACM,
Phone XL
Posts: 9,128
|
Re: Would you be a concerned customer, if....
AdamD,
did you raise these issues with anyone in the company (besides your supervisor who got fired)?
__________________
Passion is inversely proportional to the amount of real information available (Benford's law of controversy)
|
|
|
25-10-2006, 11:14
|
#7
|
|
Google it!!
Join Date: Jun 2003
Location: Essex
Age: 34
Services: Sky Digital + 16Mb ADSL
BT Telephone
Posts: 14,951
|
Re: Would you be a concerned customer, if....
You should also report them for numerous breaches of the DPA which states that data should be kept secured at all times.
|
|
|
25-10-2006, 11:15
|
#8
|
|
Happily insane
Join Date: Jun 2003
Location: Leeds
Age: 47
Services: Don't have a clue any more.
Posts: 6,999
|
Re: Would you be a concerned customer, if....
It all sounds very worrying to me.
__________________
Learn from yesterday, live for today, hope for tomorrow
|
|
|
25-10-2006, 11:29
|
#9
|
|
.NET 2.0 Developer
Join Date: Jul 2006
Location: Sutton-In-Ashfield
Age: 30
Services: Software & Web Application Development
Posts: 2,329
|
Re: Would you be a concerned customer, if....
Sounds as good as the banks throwing all your personal details in the rubbish!
|
|
|
25-10-2006, 11:35
|
#10
|
|
gone
Join Date: Jun 2003
Posts: 4,218
|
Re: Would you be a concerned customer, if....
Yeah - why not tip off the local press and tell them to go and snoop in that company's bins late at night and see what they can find - identity fraud is big in the news lately, and I'm sure they would welcome a big news story like that on their doorstep.
|
|
|
25-10-2006, 11:48
|
#11
|
|
Cable Forum Team
Join Date: Feb 2005
Location: midlands
Age: 39
Services: Mummy that man was nasty to me!!!
Posts: 17,951
|
Re: Would you be a concerned customer, if....
Not the local press, go to the Sun or Mirror. Could also inform Watchdog.
__________________
zinglebarb was here
The blade twists you feel it burn it hurts so bad! how many more times in this life before it kills Arrrrrrrrrrrrrghhhhhhhhhhhhh !!!!!!!!!!!!
|
|
|
25-10-2006, 12:11
|
#12
|
|
Karateka
Join Date: Dec 2003
Age: 33
Posts: 7,098
|
Re: Would you be a concerned customer, if....
Or if we're talking about TV shows, how about Panorama for the Beeb or Dispatches for Channel 4. They do the anonymous whistleblower parts pretty well these days.
__________________
Quidquid latine dictum sit, altum sonatur.
|
|
|
25-10-2006, 13:21
|
#13
|
|
cf.geek
Join Date: Nov 2004
Services: BeThere Pro
Standard Terrestrial TV
Posts: 648
|
Re: Would you be a concerned customer, if....
I don't work there now, but yep, I did raise it with them AND the I.T guy
Problem is, well, I posted about this company before when I got suspended from my job, along with another colleague.
Main issue is they don't/didn't like anyone touching the computers, they know I and another guy had an I.T background, so whenever something went wrong with the computers, we were first on the list of suspects
I used to work from 2pm to 10pm, our team never used the computers till after 4:30pm, when the "day staff" went home.
During the day, someone on the day staff deleted all the icons to the programs we use as well as the program files themselves
Bearing in mind, we hadn't touched them until after 4:30pm and the minute we saw the missing icons, we reported it
About 9 computers had stuff deleted from them
Anyways, they suspended me and another guy, even though we and others informed them we weren't on the computers during the day, we were suspended because we were the "only ones who knew how to delete programs/icons" (erm...?)
So pending an investigation, we were off for a week, we came back, I was cleared, but the other guy, who the manager didn't like, was harassed for about an hour till he eventually walked out and quit.
Which is why I didn't bother raising any potential security or privacy issues with them again.
There's so many incidents I can think of where there's been or could've been problems, it's unfathomable
Like, all the USB ports on the front of the computers were enabled, as were the floppy drives and the CD-ROM/DVD-ROM drives.
On two computers there were copyrighted songs (about 20 MP3s) in a "My downloads" folder, no doubt obtained via Bearshare or something similar
We even had a bulletin sent round via email to the senior staff saying not to attach stuff to the computer's USB ports, apparently there'd been a breach of data at another site (I bet the clients weren't told that though)
But, nothing changed, the ports were still enabled, people were still putting personal CDs into the machines to "Listen to music"
I don't think I'll go anywhere with it, mainly because I'd be seen as a "disgruntled employee"
(I was fired for recording my line manager slagging off another staff member and calling her names)
heh, I know, bad.
Being fired from that job though was probably one of the best things that could've happened to me.
Quote:
Originally Posted by foreverwar
AdamD,
did you raise these issues with anyone in the company (besides your supervisor who got fired)?
|
|
|
|
25-10-2006, 13:58
|
#14
|
|
Next: STS-125 -HST Repair
Join Date: Sep 2003
Location: 127.0.0.1
Services: TV: Sky Digital
Phone: BT
Mobile: Orange
Internet: Twang.net ADSL
Posts: 4,158
|
Re: Would you be a concerned customer, if....
Quote:
Originally Posted by AdamD
During the day, someone on the day staff deleted all the icons to the programs we use as well as the program files themselves
Bearing in mind, we hadn't touched them until after 4:30pm and the minute we saw the missing icons, we reported it
About 9 computers had stuff deleted from them
Anyways, they suspended me and another guy, even though we and others informed them we weren't on the computers during the day, we were suspended because we were the "only ones who knew how to delete programs/icons" (erm...?)
So pending an investigation, we were off for a week, we came back, I was cleared, but the other guy, who the manager didn't like, was harassed for about an hour till he eventually walked out and quit.
|
All this has been posted before....and I'm sure on here...- I remember the bit about the icons !!!
AdamD - are you for real? Have you told us this one before??!!
|
|
|
25-10-2006, 14:39
|
#15
|
|
cf.geek
Join Date: Nov 2004
Services: BeThere Pro
Standard Terrestrial TV
Posts: 648
|
Re: Would you be a concerned customer, if....
Naw, I did post about the icons going missing and me being fired, but not the security/privacy issues on the computers and in the office, hehe.
|
|
|
|