Just the latest in a string of security f**kups. Bank of America, Wachovia, LexisNexis, and more.
The problem isn't Microsoft, though their swiss cheese software contributes. No one takes security very seriously, except of course when they're the victim of a lapse, in which case they always get enraged and blame everyone except themselves.
Meanwhile, it pays to be paranoid. Very paranoid.
That's the truth. I know first-hand that many, MANY large corporate companies will slash security spending first when it comes to IT budget crunch time.
Ironically most of these same companies have no problem shelling out big bucks for 2 flat screen monitors per employee.
It may seem as though there has been a rash of these kinds of incidents. In fact, the main driver behind it all is a law in California that mandates disclosure of such incidents. 3 years ago, an incident like that mentioned in the article would have been kept quite quiet. Neither you nor I would ever have heard of it.
On a side note, while any computer system is vulnerable to a degree, IMO, placing that kind of information on a W2K system with IIS 5.0 that is internet facing should make them criminally liable for extreme damages. Note that they don't mention how long this breach has been occurring.