A great resource for learning about security foibles is The Breach Blog. This fellow finds some really good stuff, things like lost USB drives, poorly secured sites, etc.
Here’s a good one: The US Transportation Security Administration is responsible for securing air travelers in the post 9-11 apocalypse. The TSA has a method of allowing innocent travelers to remove their names from the TSA’s ‘watch list’, thereby avoiding hassles when boarding aircraft in the US. Unfortunately, the web application was poorly secured, resulting in serious problems.
Of course, in many (most?) states in the US, it is the law to report information breaches. Here in Canada, we have to wait for the news services to hear of an investigation or report before such information sees the light of day…
While our Privacy Commissioner has voluntary guidelines available for reporting breaches, the legislation has not been changed to make this reporting mandatory.
Mike