A US government web site is reported to have suffered a security lapse enabling internet users to access confidential information relating to companies involved in the Safe Harbor data protection scheme. The Safe Harbor initiative operates a registration scheme for US companies wanting to exchange personal information on EU citizens without breaching strict EU data protection laws.

According to Wired.com, a security hole has been discovered in the Safe Harbor web site, which gives access to confidential information including company revenues, numbers of employees and the EU countries with which individual companies trade. Wired.com claims that this loophole has been in existence since the site went on-line and that it allows unauthorised members of the public to alter information on the web site database.

This breach of security contradicts express guarantees given to the companies registered with the scheme that their details will not be made publicly available without their consent except where required by law.

A notice was posted on the Safe Harbor web site last Thursday stating that both the self-certification form and the Safe Harbor list had been removed from the site as part of a security review.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.