French information technology giant Bull SA acknowledged Aug. 31 that an internal sales and marketing database loaded with customer contact names and network configurations was exposed on one of its data-processing servers.
Blaming human error for the problem, a Bull spokesman said the exposed files have now been protected. "It should have been password-protected, and the protection was no longer there, and we are leading an investigation to see exactly what happened," he said.
The glitch was announced Aug. 31, but the Paris-based company said it didn't know how long the data had been exposed. According to Bull, the flaw was discovered by several security analysts, including some at Paris-based Kitetoa.com, who alerted the company. Kitetoa had notified Bull in April of a similar but unrelated problem involving exposure of a server's file structure.
Bull sells management and security software to a range of international clients, including France Telecom SA in Paris, Barclays Bank PLC in London and the British Royal Air Force.
Bull SA, which does business in more than 100 countries, recently spun off its Evidian subsidiary to offer secure networking products in the U.S.
Kitetoa said in a statement that the glitch allowed analysts using only a Web browser to view confidential information such as the type, location and configuration of servers sold by Bull, as well as customer names and contact information. According to Kitetoa, "As these companies feel it is important to keep some data secret, they should do it properly. Putting confidential data on a public Web server with an external IP address is stupid."
While the Bull spokesman insisted that no sensitive or confidential information was exposed on the database, he did acknowledge that the data included customer names and contact information and the configuration and cost of equipment sold.
However, a Kitetoa spokesman noted, the documents exposed were marked "internal use only" and "confidential data" and could provide useful information to the company's competitors.