[Dataloss] followup: ACS Breach Warning Letter
security curmudgeon
jericho at attrition.org
Wed Nov 8 02:24:00 EST 2006
And now my own comments.
: [Customer Name] [Bar Code]
: [Customer Address] [Number]
The number below the bar code is 8 digits, starting with 0065. Not sure if
this is an indication of how many affected, a tracking number, or
something else.
: This letter is to inform you of an incident involving the theft of a
: computer that may contain your personal information. A
: password-protected computer was stolen from a secure facility operated
: by ACS State and Local Solutions, Inc. on behalf of the Colorado State
: Directory of New Hires (SDNH). Employers are required by law to report
: information to the SDNH regarding newly hired employees.
First, we know password protected computers mean absolutely nothing.
Yanking a drive and mirroring content is trivial for even moderately
skilled computer users.
Second, ACS needs to look up the definition of secure.
1. To make safe; to relieve from apprehensions of, or
exposure to, danger; to guard; to protect.
So this should be worded "relatively" secure or "formerly" secure.
: ACS takes the protection of your personal information very seriously. We
: have established a toll-free number to assit with any questions. This
: number is 1-800-350-0399. We regret this incident occured.
So seriously, this line is not answered outside of standard business hours
and asks that you call back then.
: Very truly yours,
:
: [scribble]
:
: ACS Representative
The signature doesn't look like 'ACS Representative', so who's name is
this and why wasn't it printed? No one stepping up to be accountable for
questions?
More information about the Dataloss
mailing list