BreachExchange mailing list archives
Re: followup: ACS Breach Warning Letter
From: security curmudgeon <jericho () attrition org>
Date: Wed, 8 Nov 2006 02:24:00 -0500 (EST)
And now my own comments. : [Customer Name] [Bar Code] : [Customer Address] [Number] The number below the bar code is 8 digits, starting with 0065. Not sure if this is an indication of how many affected, a tracking number, or something else. : This letter is to inform you of an incident involving the theft of a : computer that may contain your personal information. A : password-protected computer was stolen from a secure facility operated : by ACS State and Local Solutions, Inc. on behalf of the Colorado State : Directory of New Hires (SDNH). Employers are required by law to report : information to the SDNH regarding newly hired employees. First, we know password protected computers mean absolutely nothing. Yanking a drive and mirroring content is trivial for even moderately skilled computer users. Second, ACS needs to look up the definition of secure. 1. To make safe; to relieve from apprehensions of, or exposure to, danger; to guard; to protect. So this should be worded "relatively" secure or "formerly" secure. : ACS takes the protection of your personal information very seriously. We : have established a toll-free number to assit with any questions. This : number is 1-800-350-0399. We regret this incident occured. So seriously, this line is not answered outside of standard business hours and asks that you call back then. : Very truly yours, : : [scribble] : : ACS Representative The signature doesn't look like 'ACS Representative', so who's name is this and why wasn't it printed? No one stepping up to be accountable for questions? _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 140 million compromised records in 465 incidents over 6 years.
Current thread:
- followup: ACS Breach Warning Letter security curmudgeon (Nov 07)
- Re: followup: ACS Breach Warning Letter security curmudgeon (Nov 07)
- Re: followup: ACS Breach Warning Letter Bruce.Forestal (Nov 08)
- Message not available
- Re: followup: ACS Breach Warning Letter Al Mac (Nov 08)
- Re: followup: ACS Breach Warning Letter Bruce.Forestal (Nov 08)
- Re: followup: ACS Breach Warning Letter George Toft (Nov 08)
- Re: followup: ACS Breach Warning Letter security curmudgeon (Nov 07)