SITA website showing client data

A web application running on the State Information Technology Agency’s domain is exposing client data to anyone with a link to it.
The page in question is indexed in Google, so a search for the correct keywords causes the search engine to return a link to it.
As shown in the screenshot below, the page displays the SITA logo along with the words “SITA Service Management” and “developed by SMC” and appears to be a log of faults and their resolutions.
SITA explains on its website that its Service Management Centre (SMC) is the single point of entry for specific services to clients.
“These include countrywide IT services to Government clients and voice business services on behalf of Government to the South African citizens,” the site states.
While the SMC web application only appears to be revealing data from December 2010, among the details shown are the customer’s name and contact number, as well as the organisation from which they are reporting the fault.
A summary of the fault and an indication of whether SITA met its service level agreement (SLA) are also shown.
An interesting statistic to come from this is that, of the 2,196 faults exposed by the site, 1,362 (almost 63%) were resolved within the SLA deadline during December 2010.
SITA was contacted for comment, but did not respond by the time of publication.