Privacy Breach at Virtual Telecoms Conference

Delegates participating in the Virtual International Telecoms Week (ITW) conference have been notified of a security flaw that could have made their personal information visible to other delegates. The event, which took place from 14th to 17th June, is the online replacement for the major carrier-oriented conference that usually assembles in the USA each year. Delegates of the online conference were told that if they had forwarded emails containing hyperlinks to messages or event schedule reminders then those links would make their personal information accessible to others. The information on the user’s event profile that could be breached included their name, email address, photograph, employer, country of residence, and any messages they had sent or received using the event platform. The reason for the security flaw is that the provider of the online conferencing solution made it possible for people to use personalized links to access their profile without first entering their username and password. The organizers stated they are now “working with the platform provider to change this feature and ensure it is appropriately secure”.

ITW is run by Capacity Media, a brand owned by Euromoney Global Limited, a London-based business that specializes in niche trade publications and conferences. Euromoney Global Limited had revenues of GBP66.7mn (USD83.5mn), of which 48 percent was generated by events and conferences, per the most recent accounts filed for the year ending 30th September 2018. These businesses are essentially engaged in the process of matchmaking between salesmen and potential customers, which means they have been hit hard by the global pandemic. As businesses explore the ‘new normal’ of working from home, this begs a question about whether the building of sales relationships will continue to be conducted by telephone when travel restrictions are eased. If salesmen can reach customers without needing to travel to events then middlemen like Euromoney Global Limited will see reduced demand for a core component of their business. This is why they have been experimenting with the use of virtual conferences which encourage a degree of sharing of personal data in exchange for giving users access to content and networking opportunities. But as is obvious from this incident, whenever personal data is being collected there is the potential for it to be breached.

The trade off between privacy and the supply of information is nothing new. Enormous businesses like Google have been established during the internet era by exploiting the value of data about users, and this has generated increased concern about personal information being misused. I participated in a fraud management panel at the ITW conference, and the reason why Capacity Media give a platform to individuals like me is to encourage telco employees to register and hence share information about themselves. There is a heightened risk of mistakes and security lapses when businesses are rushing to adapt to new ways of working. Everyone should be conscious of the potential dangers whenever they choose to share information about themselves.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.