Major vulnerabilities on Santam TIC website fixed

Jan

South Africa's largest travel insurer fixes major website security flaws

Santam has fixed a pair of security vulnerabilities in its travel insurance website, which could potentially have exposed an extensive amount of personal information.

Santam's Travel Insurance Consultants (TIC) is the country's biggest travel insurer and is used by several other third parties — including banks that provide free travel insurance to their customers.
 
Santam is horrendously slow to respond on their fraud system.
I got a suspicious email from them and logged it via their fraud email address.
Two or three WEEKS later I got a reply to send them the SMS (a copy of which I had attached to the original email).

Look - security **** happens. But for heaven's sake when someone raises an alarm be proactive.
 
This is quite surprising. I've engaged with Sanlam's SecOps Team (myself as a provider) and their standards were quite high. Not sure if Santam manages its own SecOps but I'd be surprised if the standards aren't equivalent to the parent company's. This is a pretty obvious oversight that should have been picked up in code review, let alone on a testing, staging, or PROD environment!
 