UK’s Information Commissioner’s Office (ICO) is investigating BT in relation to a claim by a whistleblower that the company had ‘exposed user credentials en masse’.
BT is moving customers from a Yahoo! Inc. mail system to a new email system from the company Critical Path acquired by Openwave Messaging Inc.
According to reports the whistleblower, a former employee of Critical Path, warned the Information Commissioner’s Office (ICO) that Critical Path Inc was running an insecure mail system for BT.
ICO contacted BT last week, related to the concerns about email-security and is looking into the allegations to check for any violation of the UK’s data laws.
The whistleblower alleged that BT subscribers’ accounts were logged by the messaging provider and that he was concerned by the “careless implementation of security safeguards affecting the privacy of BT internet mail users.”
BT said that the whistleblower’s complaint related “to an issue identified and fixed” and assured that they haven’t received any report of a data breach, till date.
“BT takes the security of all products very seriously and, in the process of developing new services with partners, we rigorously audit and test for security,” a spokesman for BT said in a statement.
BT also confirmed that the ICO had contacted the company to begin enquiries following the whistleblower’s remarks.
In the confidential documents leaked the ICO had stated “On the basis of the information [the whistleblower] provided, we consider it unlikely that BT has complied with the requirements of the [Data Protection Act].”
“This is because the evidence [the whistleblower] … provided to us indicates that BT customer email accounts were being compromised by spammers/scammers on a daily basis and that BT was aware of this.”
Concerns were in the same documents that BT was using HTTP, as opposed to the encrypted protocol HTTPS. The company, however, has denied this in a statement to BBC “BT Mail is HTTPS, not HTTP, and we would not use HTTP with live customers.”
[Source: The Register, BBC]
