From: security curmudgeon (jerichoattrition.org)
Date: Wed Nov 08 2006 - 01:24:00 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

And now my own comments.

: [Customer Name] [Bar Code]
: [Customer Address] [Number]

The number below the bar code is 8 digits, starting with 0065. Not sure if
this is an indication of how many affected, a tracking number, or
something else.

: This letter is to inform you of an incident involving the theft of a
: computer that may contain your personal information. A
: password-protected computer was stolen from a secure facility operated
: by ACS State and Local Solutions, Inc. on behalf of the Colorado State
: Directory of New Hires (SDNH). Employers are required by law to report
: information to the SDNH regarding newly hired employees.

First, we know password protected computers mean absolutely nothing.
Yanking a drive and mirroring content is trivial for even moderately
skilled computer users.

Second, ACS needs to look up the definition of secure.

   1. To make safe; to relieve from apprehensions of, or
      exposure to, danger; to guard; to protect.

So this should be worded "relatively" secure or "formerly" secure.

: ACS takes the protection of your personal information very seriously. We
: have established a toll-free number to assit with any questions. This
: number is 1-800-350-0399. We regret this incident occured.

So seriously, this line is not answered outside of standard business hours
and asks that you call back then.

: Very truly yours,
:
: [scribble]
:
: ACS Representative

The signature doesn't look like 'ACS Representative', so who's name is
this and why wasn't it printed? No one stepping up to be accountable for
questions?
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tracking more than 140 million compromised records in 465 incidents over 6 years.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]