Commuter matching website highly vulnerable to SQL injections

According to a report on the CyberInsecure website, the many organizations that use the SQL injection-vulnerable service include some US military bases, which could have all their staff's commuting information exposed on the web.

CyberInsecure said the website is currently under the supervision of five Southern California Transportation Boards (Los Angeles, San Bernardino, Riverside County, Orange County and Ventura County), which use the portal as a match-making service to maximize transportation vehicle usage in daily commutes.

Kristian Hermansen, a security researcher working in the area, reported that he tested the site for SQL injection and found it wanting.

After discovering the site's SQL injection flaws, he said he informed the site administrators, but two weeks later they had failed to fix the SQL injection problem.

Faced with apparent indifference, he issued a statement: "The reason I am bringing this to your attention is that the issue is not being fixed by the admins and most companies don't even know that their employees' personal and corporate information, like employee ID and login ID, may have been compromised."
