Skip navigation

I tweeted a quick note about the 2010 Maine Department of Conservation state park pass ordering system breach. The brief AP story indicated that the breach itself was caused by a malware infection on systems at their SasS provider InfoSpherix.

While the article claims notices were sent to ~1,000 impacted card holders, there is no mention of the breach on the InfoSpherix news page and the only bit of information on the Maine DoC site is pitiful and uninformative:

Click image for larger version

Both organizations may have met the bare minimum legal requirements for beach notifications, but I find it shameful that they have not made the information more public. How are other companies supposed to learn from the mistakes of others and how will lack of open disclosure help consumers ask tougher questions prior to giving away they keys that unlock their finances?

It’s also pretty sad (but not uncommon) that the actual breach occurred on March 21st last year but wasn’t discovered until February of this year and that it took them over a month to report it out.

While there is the claim that the breach only impacted the park pass ordering system, InfoSpherix is a division of a larger organization that provides a plethora of services for recreational facilities. I’m actually a bit concerned that other systems may have been impacted (hey, if they didn’t detect it on these for almost a year…) and – if you’ve registered for a campground online – you have most likely used one of them. Not. Cool.

Oh yeah, before I forget, I wanted to ask InfoSpherix how that PCI compliance is working out for them? Perhaps checkbox stickers on the equipment would have helped stave off the intruders. #protip

You can at least read a few more details of the breach over at DataLossDB.

One Comment

  1. A quick google search of InfoSherix reveals that their reservations division is http://www.reserveworld.com. They directly provide services to

    Delaware State Parks
    Georgia State Parks
    Indiana State Parks
    Larimer County
    Maine State Parks
    Maryland State Parks
    Michigan State Parks
    Minnesota State Parks
    Missouri State Parks
    New Mexico State Parks
    Ohio State Parks
    Orange County,CA
    Pennsylvania State Parks
    South Dakota State Parks

    The Active Network acquired Infospherix in 2007 and then bought ReserveAmerica in 2009. According to many sources the company recently filed for IPO which is probably why they are keeping it hush hush.

    References:
    http://www.signonsandiego.com/news/2011/feb/15/active-network-files-for-ipo/

    http://www.socaltech.com/active_network_buys_reserveamerica/s-0019558.html

    http://www.freshnews.com/news/70079/san-diego-active-network-acquires-infospherix-acquisition-bolsters-active%E2%80%99s-government-bu


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.