Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Have you stayed at a Radisson since last November?

From: David Farber <dave () farber net>
Date: Thu, 20 Aug 2009 10:49:32 -0400


Begin forwarded message:

From: Gordon Syme <gordon () twiceasgood net>
Date: August 20, 2009 4:45:24 AM EDT
To: dave () farber net
Subject: Re: [IP] Have you stayed at a Radisson since last November?

Prof. Farber, for IP if you deem fit

On Wed, 2009-08-19 at 14:28 -0400, David Farber wrote:


Begin forwarded message:
From: Randall <rvh40 () insightbb com>
Date: August 19, 2009 2:16:40 PM EDT
To: David Farber <dave () farber net>, Dewayne Hendricks <dewayne () warpspeed com

, johnmacsgroup () yahoogroups com

Subject: Have you stayed at a Radisson since last November?

http://www.radisson.com/openletter/openletter-faq.html

What happened?  When did it happen?
Between November 2008 and May 2009, the computer systems of some
Radisson® hotels in the U.S. and Canada were accessed without
authorization.  This unauthorized access was in violation of both
civil and criminal laws.  Radisson has been coordinating with federal
law enforcement to assist in their investigation of this incident.

Why didn't you notify me sooner?
Working closely with law enforcement and forensic investigators, it
has taken some time to analyze the origins and extent of the
unauthorized access.

Why not notify people immediately when the breach is discovered? The
"origins and extent" of the breach don't materially affect any of the
individuals whose personal information may have been compromised. The
important thing here is that the information was compromised. Are these
affected people really going to take different measures based on where
their information went?

The text of the letter makes it seem like the breach was discovered in
May 2009. It is now August, giving the bad guys at least two full months
to work with the information they acquired.

Surely the responsible approach is notify everybody immediately and work
out exactly what happened later? Better to notify too many people
quickly than notify exactly the affected people after their personal
information has already been put to nefarious purposes.

-Gordon





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: