[Ansteorra-announce] [Announcements] Recent burglary at the SCA Corporate offices

Jason Williams jwilliams at director.sca.org
Tue Nov 28 16:24:15 PST 2006 

To:     The Membership of the SCA, Inc.
From:   George Reed, Vice President of Operations
SUBJ:   Burglary at the SCA Corporate offices

Sometime during the weekend of Thanksgiving, 2006 the SCA Corporate office
suffered an illegal intrusion and burglary.  This was part of a
crime-spree that affected the entire office complex in which our
facilities are located.  Initial reports are that the intruders used a
stolen master key obtained from the property manager and raided many of
the suites in the complex.  While the property loss sustained by the SCA
was fairly minimal, two desktop workstations were taken, and the manner of
their removal caused an interruption in the SCA 1-800 toll free number.

Actions taken by our Vice President of Corporate Operations, Renee
Signorotti,  included changing the office locks by 10 am PST on Monday,
replacing and re-configuring the missing machines, and ensuring any risk
to the membership was ruled out.  Our Chief Technology officer effected
immediate password changes to electronic mail and SCA servers to ensure
the minimal risk of exposure became zero risk.  At no time did the
perpetrators have access to any membership information, financial records,
or credit card numbers.

Because Renee’s office procedure includes not saving local passwords and
using proper levels of information security, there is no chance that the
end-recipients of the stolen machines can retrieve any personal,
financial, or business sensitive information.  No critical business data
existed on the stolen machines that were not part of the end of day
back-ups prior to the theft.

I would like this letter to the membership to serve as confirmation that
we did sustain an incident, but that the losses were minimal, full-service
to the membership quickly restored, and no ongoing risk to your membership
data or services remains.  At the end of this letter is some questions and
answers from our Chief Technology Officer, Scott Courtenay.

I would like to take this opportunity to applaud and commend the excellent
business practices, astute technology decisions, and swift responses of
our Corporate Office and our Technology staff for making this incident an
annoyance instead of a disaster.

If you have any questions, please feel free to contact me for quick
response at Seneschal at sca.org.

Thank you,

George L. Reed II
VP Operations
Society for Creative Anachronism, Inc.

-----

Q: Did they get access to the SCA servers?
A: No. The computers in the home office had only limited access (such as
personal email accounts) to the SCA servers, which are located in a secure
data center. The passwords for all personal accounts of home office
personnel were immediately changed to protect  even this limited access.
No one at the home office had access to the administrative password on our
servers.

Q: I ordered a membership or something from the Stock Clerk recently. Did
the thieves get my credit card number from these databases?
A: No. For security reasons which should be very apparent, we don't store
credit card numbers in our databases. When you process an order, the
number is held just long enough to complete the transaction and then is
"forgotten" by the system. It is never actually stored in the Stock Clerk
or membership database.

Q: I have a Known World Mail account. Were these compromised?
A: No. They are on the servers in a secure data center, not at the
corporate office.




Comments are strongly encouraged and can be sent to: 
SCA Inc.
Box 360789
Milpitas,  CA 95036

You may also email comments at lists.sca.org
or reply to this message.

This announcement is an official informational release by the Society for Creative Anachronism , Inc.  Permission is granted to reproduce this announcement in its entirety in newsletters, websites and electronic mailing lists.

_______________________________________________
Announcements mailing list
To unsubscribe or change your settings, visit:
http://lists.sca.org/listinfo/announcements

To change the email address you receive these messages at, visit the URL
listed above, subscribe to with your new email address.  Once this is
completed, return to the URL listed above and unsubscribe your old email
address.

More information about the Ansteorra-announce2 mailing list