In an example of how to leave breach watchers scratching their heads, NATO issued the following statement on its site yesterday:
23 Jun. 2011
Probable data breach from a NATO-related website
Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.
A little more transparency would be good, guys. What kind(s) of data did the attacker probably get? When did this probably happen? What should users probably do? I probably need more coffee before I read such notices.
If any reader actually received a notice from NATO’s e-Bookshop, please forward a copy to me via this site or DataLossDB.org so that we can include it in the database.
Kudos to The H for catching the notice.
Update: John Oates of The Register has some details of the notice NATO sent out:
The email said: “Our examinations show a possible compromise of user information (username, password, address and email address) for people who have ordered publications from the e-Bookshop or subscribed to our email service.
“If you use the same email and password on other web platforms it is highly recommended that you change your passwords.”