[Artemisia] Bad News & Good News

[Julia Jackman-Brink]

Dawn Tavares wrote:
> Full story here
> http://scatoday.net/node/7621

Or for those people who can't get the internet because they are at work, 
etc....copied in it's entirety.

To: The Membership of the SCA, Inc.
From: George Reed, Vice President of Operations
SUBJ: Burglary at the SCA Corporate offices

Sometime during the weekend of Thanksgiving, 2006 the SCA Corporate 
office suffered an illegal intrusion and burglary. This was part of a 
crime-spree that affected the entire office complex in which our 
facilities are located. Initial reports are that the intruders used a 
stolen master key obtained from the property manager and raided many of 
the suites in the complex. While the property loss sustained by the SCA 
was fairly minimal, two desktop workstations were taken, and the manner 
of their removal caused an interruption in the SCA 1-800 toll free number.

Actions taken by our Vice President of Corporate Operations, Renee 
Signorotti, included changing the office locks by 10 am PST on Monday, 
replacing and re-configuring the missing machines, and ensuring any risk 
to the membership was ruled out. Our Chief Technology officer effected 
immediate password changes to electronic mail and SCA servers to ensure 
the minimal risk of exposure became zero risk. At no time did the 
perpetrators have access to any membership information, financial 
records, or credit card numbers.

Because Renee's office procedure includes not saving local passwords and 
using proper levels of information security, there is no chance that the 
end-recipients of the stolen machines can retrieve any personal, 
financial, or business sensitive information. No critical business data 
existed on the stolen machines that were not part of the end of day 
back-ups prior to the theft.

I would like this letter to the membership to serve as confirmation that 
we did sustain an incident, but that the losses were minimal, 
full-service to the membership quickly restored, and no ongoing risk to 
your membership data or services remains. At the end of this letter is 
some questions and answers from our Chief Technology Officer, Scott 
Courtney.

I would like to take this opportunity to applaud and commend the 
excellent business practices, astute technology decisions, and swift 
responses of our Corporate Office and our Technology staff for making 
this incident an annoyance instead of a disaster.

If you have any questions, please feel free to contact me for quick 
response at Seneschal at sca.org.

Thank you,

George L. Reed II
VP Operations Society for Creative Anachronism, Inc.

-----

Q: Did they get access to the SCA servers?
A: No. The computers in the home office had only limited access (such as 
personal email accounts) to the SCA servers, which are located in a 
secure data center. The passwords for all personal accounts of home 
office personnel were immediately changed to protect even this limited 
access. No one at the home office had access to the administrative 
password on our servers.

Q: I ordered a membership or something from the Stock Clerk recently. 
Did the thieves get my credit card number from these databases?
A: No. For security reasons which should be very apparent, we don't 
store credit card numbers in our databases. When you process an order, 
the number is held just long enough to complete the transaction and then 
is "forgotten" by the system. It is never actually stored in the Stock 
Clerk or membership database.

Q: I have a Known World Mail account. Were these compromised?
A: No. They are on the servers in a secure data center, not at the 
corporate office.

Comments are strongly encouraged and can be sent to:

     SCA Inc.
     Box 360789
     Milpitas, CA 95036

You may also email comments at lists.sca.org.

This announcement is an official informational release by the Society 
for Creative Anachronism, Inc. Permission is granted to reproduce this 
announcement in its entirety in newsletters, websites and electronic 
mailing lists.