Hi all
I'm the one in charge of the backup where I work, so I get to see all
the files as they get backed up. Now I know that at one time Sage
Payroll was completely insecure for anyone with a copy of M$ Access (you
could just open the .mdb file and, armed with a rudimentary knowledge of
relational databasing match personal records with payments) but they
tightened that up a few years back.
Anyway, today, I thought I'd try to access the file again. It turns out
that all you have to do is run an access recovery program on the
database file and poof! You have all the data again.
This is worrying because as well as the payment details and history,
address, phone number, marital status, National Insurance number,
Nationality and Ethnic Origin are in another table.
Should your company use the in-built BACS epayment system Sage have now
built into this software, you would have access to bank details
including sort code and account number of all employees. Elsewhere
there are details of Child Sup****t payments people have had to make.
Basically, everything you would need if you wanted to steal someone's
identity.
Worrying, if not illegal.
--
Dan
|
