A firm responsible for managing France's "Three Strikes" anti-piracy program has had one of its servers accessed due to poor security, with the possibility that personal data has been stolen.
The firm, Trident Media Guard (TMG), has tried to downplay the incident, saying that they believe "no personal data was disclosed", as the "hacked" server was merely a test server.
TMG helps the French government monitor P2P networks to collect user data, including IP addresses, for use in sending warnings to downloaders and cutting off their Internet access if they do not heed the warning: the so-called "graduated response".
Even if the personal data TMG has collected on thousands of people as part of the government's program to catch online pirates was not accessed, the test server did yield a treasure trove of information, including scripts and clients used by TMG to collect data, as well as IP addresses used to create fake peers (addresses that, if known, can be blocked, preventing TMG from continuing to monitor P2P traffic).
The security breach was discovered by security researcher Olivier Laurelli, who uses the nick Bluetouff online. He discovered that lax security on the test server allowed its contents to be viewed with little trouble. The most worrying inclusion appears to be passwords that TMG uses.
Do you think private companies tasked with handling sensitive personal data for the government should be held to a higher standard when it comes to security and privacy issues?