Polish digital TV broadcaster N (owned by ITI Neovision) has disclosed a breach of customer data records – after PII was discovered accidentally on the Net by a subscriber via a search engine.
The partner who manages our offices in Warsaw (the team specializes in high end data security consulting and DLP projects in Central Europe) called me this morning after hearing about the data loss event on the radio on the way to work.
The details are fairly typical for a telecommunications service provider.

PII (personally identifiable information) of several dozen people was discovered by accident by Mr. Lukasz Siadul, who was running an experiment to see if he could find his own personal information via Internet search engines.  A search returned not only  his own data but also subscriber names, serial numbers of set-top boxes and service packages from the digital TV provider “N”. Since Mr Siadul is an “N” subscriber  himself, he suspected that the data breach originated at “N”. The file he downloaded from a public Web site containing National identity numbers (PESEL),  names, addresses, phone numbers for  “N” subscribers confirmed his suspicion  Unauthorized disclosure of the PESEL number is a violation of Polish privacy laws.
It took a dozen phone calls to “N” offices before the data was removed from the public Web site. Mr Maciej Kołodziej, who is IT security officer at “N” says that the file was posted by mistake on a public Web site and that the employee responsible has been fired.   “N” is offering Mr. Siadul a free service package as compensation but, he is apparently determined to take the case to court as a violation of Polish privacy law and ask the court for more substantial compensation.
See DVB News for the news item in Polish