Over 100 TLD applicants affected by ICANN data breach
The application system for top-level domains (TLD) is currently offline after 455 cases were identified in which companies could have been able to see other applicants' files, according to a short announcement from ICANN, the organisation responsible for the application process. After the data breach occurred in April, the process was put on hold shortly before the original application deadline. In some cases, applicants could see the names of other applicants and the titles of uploaded documents in the Citrix-based TLD Application System (TAS).
According to ICANN, 1,268 applicants were registered in TAS with about 95,000 attachments containing application details when the system was taken offline, and 105 applicants' data may have been seen. The organisation says that 50 applicants might have seen user and file names for one or more other applicants. The network administrators are further analysing traffic on the system and trying to determine how many cases of third parties viewing data actually occurred.
All affected applicants should be informed by 8 May, at which point the private network administration organisation will give applicants for new TLDs (such as .london and .news) the opportunity to complete their applications. This situation changes the schedule for the complicated application process; originally, the list of submitted domains was supposed to be published in early May, when the first objection period was set to begin.
(Monika Ermert / fab)