ICANN has concluded its investigation into a data exposure issue in the New gTLD Applicant and Global Domains Division (GDD) portals, first announced on 1 March 2015. These portals contain information from New gTLD program applicants and New gTLD registry operators.
As described in the 30 April 2015 update, an investigation supported by two IT consulting firms was launched by ICANN in March 2015 to review and analyze all log data since the activation of the portals. The latest update on 27 May 2015 detailed the findings regarding the nature of the disclosures. Since then, ICANN continued to investigate this matter and found that, in addition to the previous disclosures, 12 user credentials were used to access contact information from eight registry operators. Based on the information collected during the investigation it appears that contact information for registry operators was accessed inadvertently. ICANN also concluded that the exposed registry contact information does not appear to contain sensitive personally identifiable information. Each of the affected parties has been notified of the data exposure.
The investigation is now complete. ICANN has taken the necessary steps to determine how the data exposures occurred and confirmed that the exposure issues resulted from several misconfigurations in the portals. These misconfigurations have been addressed to prevent these types of disclosures in the future. ICANN has also confirmed that no other ICANN systems were affected. ICANN continues to deploy security-based updates on a regular basis as part of a broader, multiyear effort to harden all of ICANN‘s digital services.
ICANN‘s mission is to ensure a stable, secure and unified global Internet. To reach another person on the Internet you have to type an address into your computer – a name or a number. That address has to be unique so computers know where to find each other. ICANN coordinates these unique identifiers across the world. Without that coordination we wouldn’t have one global Internet. ICANN was formed in 1998. It is a not-for-profit public-benefit corporation with participants from all over the world dedicated to keeping the Internet secure, stable and interoperable. It promotes competition and develops policy on the Internet’s unique identifiers. ICANN doesn’t control content on the Internet. It cannot stop spam and it doesn’t deal with access to the Internet. But through its coordination role of the Internet’s naming system, it does have an important impact on the expansion and evolution of the Internet. For more information please visit: www.icann.org.