Re: incompetence
Tim Chubb listed only a few "best practice" elements for dealing with this type of data. Sure ... use .CSV if you can't economically make it work in a more secure way (which should be trivial for a security firm), but for crying out loud ... placing it in a web-accessible directory?!? Unencrypted?!? Yeesh. Basic ignorance of long-standing security practices. According to FaceTime's comments about this, I'll bet one could still use wget to grab the list, if one were so inclined ... so unless they've done a bit more securing than they've let on, that info is still vulnerable.
Bottom line: IT people are typically the experts in an organization when it comes to data security, and to make a claim that "IT people just don't seem to understand.." the costs of secure practices is spurious. A better rant would be "Number-pushers just don't seem to understand.." that the couple of dollars FaceTime saved in not implementing a more secure data-retention policy is now costing them big bux in PR. Big bux that would have been better spent developing a system that did not result in this PR nightmare.