Student reveals flaws in companies’ DSAR responses

BBC News reports Oxford Ph.D. student James Pavur revealed more details about how companies inadvertently revealed personal information during bogus data subject access requests. Pavur tried to pry the personal information of his fiancée from 150 organizations. He ended up scraping 60 pieces of personal information from the companies, including previously breached usernames and passwords, a list of past purchases, 10 digits of her credit card number along with its expiration date and issuer, and her past and present addresses. In some instances, Pavur used forged identification documents, including a postmark and a bank statement, that companies accepted in exchange for access to information.
Full Story

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips