Burglary at the SCA Corporate offices

During the recent holiday weekend, the SCA corporate office in Milpitas, California, was burglarized. Aaron Swiftrunner, Society Seneschal (mka George Reed, Vice President of Operations) has released a detailed report on the incident.

To: The Membership of the SCA, Inc.
From: George Reed, Vice President of Operations
SUBJ: Burglary at the SCA Corporate offices

Sometime during the weekend of Thanksgiving, 2006 the SCA Corporate office suffered an illegal intrusion and burglary. This was part of a crime-spree that affected the entire office complex in which our facilities are located. Initial reports are that the intruders used a stolen master key obtained from the property manager and raided many of the suites in the complex. While the property loss sustained by the SCA was fairly minimal, two desktop workstations were taken, and the manner of their removal caused an interruption in the SCA 1-800 toll free number.

Actions taken by our Vice President of Corporate Operations, Renee Signorotti, included changing the office locks by 10 am PST on Monday, replacing and re-configuring the missing machines, and ensuring any risk to the membership was ruled out. Our Chief Technology officer effected immediate password changes to electronic mail and SCA servers to ensure the minimal risk of exposure became zero risk. At no time did the perpetrators have access to any membership information, financial records, or credit card numbers.

Because Renee's office procedure includes not saving local passwords and using proper levels of information security, there is no chance that the end-recipients of the stolen machines can retrieve any personal, financial, or business sensitive information. No critical business data existed on the stolen machines that were not part of the end of day back-ups prior to the theft.

I would like this letter to the membership to serve as confirmation that we did sustain an incident, but that the losses were minimal, full-service to the membership quickly restored, and no ongoing risk to your membership data or services remains. At the end of this letter is some questions and answers from our Chief Technology Officer, Scott Courtney.

I would like to take this opportunity to applaud and commend the excellent business practices, astute technology decisions, and swift responses of our Corporate Office and our Technology staff for making this incident an annoyance instead of a disaster.

If you have any questions, please feel free to contact me for quick response at Seneschal@sca.org.

Thank you,

George L. Reed II
VP Operations Society for Creative Anachronism, Inc.

-----

Q: Did they get access to the SCA servers?
A: No. The computers in the home office had only limited access (such as personal email accounts) to the SCA servers, which are located in a secure data center. The passwords for all personal accounts of home office personnel were immediately changed to protect even this limited access. No one at the home office had access to the administrative password on our servers.

Q: I ordered a membership or something from the Stock Clerk recently. Did the thieves get my credit card number from these databases?
A: No. For security reasons which should be very apparent, we don't store credit card numbers in our databases. When you process an order, the number is held just long enough to complete the transaction and then is "forgotten" by the system. It is never actually stored in the Stock Clerk or membership database.

Q: I have a Known World Mail account. Were these compromised?
A: No. They are on the servers in a secure data center, not at the corporate office.

Comments are strongly encouraged and can be sent to:

SCA Inc.
Box 360789
Milpitas, CA 95036

You may also email comments@lists.sca.org.

This announcement is an official informational release by the Society for Creative Anachronism, Inc. Permission is granted to reproduce this announcement in its entirety in newsletters, websites and electronic mailing lists.