Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Dataloss] followup: ACS Breach Warning Letter
From: security curmudgeon (jerichoattrition.org)
Date: Wed Nov 08 2006 - 01:24:00 CST
And now my own comments.
: [Customer Name] [Bar Code]
: [Customer Address] [Number]
The number below the bar code is 8 digits, starting with 0065. Not sure if
this is an indication of how many affected, a tracking number, or
: This letter is to inform you of an incident involving the theft of a
: computer that may contain your personal information. A
: password-protected computer was stolen from a secure facility operated
: by ACS State and Local Solutions, Inc. on behalf of the Colorado State
: Directory of New Hires (SDNH). Employers are required by law to report
: information to the SDNH regarding newly hired employees.
First, we know password protected computers mean absolutely nothing.
Yanking a drive and mirroring content is trivial for even moderately
skilled computer users.
Second, ACS needs to look up the definition of secure.
1. To make safe; to relieve from apprehensions of, or
exposure to, danger; to guard; to protect.
So this should be worded "relatively" secure or "formerly" secure.
: ACS takes the protection of your personal information very seriously. We
: have established a toll-free number to assit with any questions. This
: number is 1-800-350-0399. We regret this incident occured.
So seriously, this line is not answered outside of standard business hours
and asks that you call back then.
: Very truly yours,
: ACS Representative
The signature doesn't look like 'ACS Representative', so who's name is
this and why wasn't it printed? No one stepping up to be accountable for
Dataloss Mailing List (datalossattrition.org)
Tracking more than 140 million compromised records in 465 incidents over 6 years.