What happened to your website?
On January 30, 2006, we determined that a file was deleted from the .back office. part of our site. We do not know how, or by who, this file was deleted, but because we keep sensitive personal information about our website members on our servers, for security reasons we took all of our sites down immediately. Since February 3rd, our sites have been back up and running, although some limited functionality for website members has not yet been restored.
Was any of my personal information compromised?
As soon as we discovered that a file had been deleted from our website server, we immediately investigated the cause of this problem. Our investigation has been unable to determine how, why, or by whom the files were deleted. Although we do not have conclusive evidence that the file deletion was the work of an intruder, it is possible that an individual gained unauthorized access to our computers. The deleted file did not contain any credit card information. However, given the possibility that someone did gain unauthorized access to our system, we are notifying all website members that their credit card information may have been unlawfully accessed, and providing recommended steps that members should take to protect themselves from credit card fraud and identity theft.
When did you discover the problem?
We discovered the problem on Monday, January 30, 2006.
What did you do when you found out about the deleted files?
We took our server off-line which took down our websites and investigated the cause of the problem.
Why did you not contact me before now?
As soon as we determined that a file had been deleted from our Internet server, we shut down our websites and disconnected our server from the Internet. At the time that our websites were brought back up, we posted messages on our website homepages describing why our site was down and that we were investigating the cause of the file deletion. As our investigation has ended without conclusive information as to how the file was deleted or whether an individual gained unlawful access to sensitive personal information, we are now contacting all website members with our findings and steps that they should take in case their sensitive personal information was, in fact, unlawfully accessed.
Why did you not put up a temporary web page with a message sooner?
As soon as we determined that a file had been deleted from our Internet server, we shut down our websites and disconnected our server from the Internet. We began the process of setting up a new server to allow a temporary page to be posted. By the time we had the new server set up, we were able to put all of our websites back on line with a message posted on our homepage.
When and how did the site go back up?
It went up on Friday, February 3rd. However, we had removed all credit card information from the server. This means that members have been unable to log into their personal account information and the My Favorites section is not yet working.
When will credit card information be put back onto the server?
Only after our Internet security consultants have thoroughly reviewed all security measures, hopefully in the near future.
Why don't you know more about what happened?
We were unable to find sufficient information on the server to indicate exactly what happened and why.
What about credit card information for bookstore and magazine transactions?
All transactions that do not involve website members are handled by our fulfillment company in Des Moines, CDS. Therefore, all sensitive personal information provided during the process of ordering books and magazines on our website is stored on their servers at a different location from our Internet Server, and none of that information was accessible from our Internet Server.
What assurance can you provide about the future security of my information?
We have engaged an Internet security company to ensure that we have adequate security in place before we bring credit card information back online.
When will you be resuming billing of website memberships? Once the security consultants have finished reviewing our security measures.
If you aren't certain that my credit card information was, in fact, stolen, why are you asking me to behave as if it were?
Given the fact that credit card information did reside on the server that had the files deleted, we feel it is prudent to assume the worst and act accordingly.
Why am I unable to access MY ACCOUNT?
The file that was deleted from our server contained usernames and passwords for our website members. We have been able to restore usernames, from a back-up file, for many of our website member accounts. However, we are in the process of contacting website members who will need to create a new username and/or password in order for us to restore their access to MY ACCOUNT.
Furthermore, credit card information has not yet been added back to our Internet server. As soon as the outside Internet security company, that we have engaged to evaluate our security measures, has finalized their evaluation of our website security measures, then we will restore credit card information to our server and you will have access to MY ACCOUNT.
Why am I unable to access MY FAVORITES?
The file that was deleted from our server contained usernames and passwords for our website members. We have been able to restore usernames, from a back-up file, for many of our website member accounts. However, we are in the process of contacting website members who will need to create a new username and/or password in order for us to restore their access to MY FAVORITES.
I was unable to access the website for several days. What are you doing to compensate me for that? We apologize for the inconvenience caused by our website being down for several days. We have gone ahead and extended all website membership accounts by one week.