ICANN reveals 12 more user credentials were used in March 2015 data breach

November 24, 2015November 24, 2015

The Internet Corporation for Assigned Names and Numbers (ICANN) has concluded its investigation into a data exposure issue in the New gTLD Applicant and Global Domains Division (GDD) portals blamed on several misconfigurations in the portals. The breach was first announced on 1 March 2015 where over 60 searches occurred, resulting in the unauthorized access of more than 200 records which were conducted using a limited set of user credentials. These portals contain information from New gTLD program applicants and New gTLD registry operators.

As described in the 30 April 2015 update, an investigation supported by two IT consulting firms was launched by ICANN in March 2015 to review and analyze all log data since the activation of the portals. The latest update on 27 May 2015 detailed the findings regarding the nature of the disclosures. Since then, ICANN continued to investigate this matter and found that, in addition to the previous disclosures, 12 user credentials were used to access contact information from eight registry operators. Based on the information collected during the investigation it appears that contact information for registry operators was accessed inadvertently. ICANN also concluded that the exposed registry contact information does not appear to contain sensitive personally identifiable information. Each of the affected parties has been notified of the data exposure.

The investigation is now complete. ICANN has taken the necessary steps to determine how the data exposures occurred and confirmed that the exposure issues resulted from several misconfigurations in the portals. These misconfigurations have been addressed to prevent these types of disclosures in the future.