Monday, 22 February 2010

Now an Ulster Historical Foundation website security breach

Last Monday, the Irish Family History Foundation announced that it has experienced a major security breach. Guess what? The Ulster Historical Foundation (www.ancestryireland.com) has just announced the same thing - a week later. I won't reproduce the e-mail, as it is almost word for word the same as that of the IFHF - see URGENT - Irish Family History Foundation website security breached. The bottom line, once again, is that you need to change your login details.

Which is the problem really. The two sites are hosted by the same platform, BRS Genealogy Ltd, but whilst the IFHF sought to alert its customers straight away, is it the case that the Ulster Historical Foundation has waited an entire week to let its customers know? If so, is their customer security not worth acting on urgently? And what does that say about its respect for its customer base? Or is this in fact a second breach? If so, is it ever worth using the sites hosted by BRS Genealogy Ltd again if they cannot guarantee customer security of information. Truly shocking either way.

I won't swear. I promise I will not swear... but trust me, I'm close to it. I am now assuming that all sites accessed via BRS Genealogy Ltd (i.e. the regional sites you go to from the IFHF site) are similarly compromised.


UPDATE - I emailed the UHF this morning with the following: Dear Sir/Madam, Can I ask if this is a second security breach on a BRS genealogy site in a week, or did the UHF wait a week after the IFHF announced the same thing to let us know? Chris Paton

Response: Hi Chris, It is the same security breach. As we share servers with BRS Genealogy further investigation was required to determine whether our databases were also affected. Regards, David Graham, Web Administrator, Ulster Historical Foundation

So it does indeed seem that they did not feel it was important to alert members anyway as a cautionary measure, even though the IFHF site (on which the UHF also hosts records) was already known to have been compromised.

Chris

www.ScotlandsGreatestStory.co.uk
Scotland's Greatest Story
www.twitter.com/chrismpaton

No comments: