Posted on 11/09/2007 9:20:36 AM PST by pabianice
This is a special notice to advise you that MOAA's e-mail contractor, Convio, has informed us that someone illegally gained access to Convio’s files and downloaded e-mail addresses from 92 of Convio’s clients, one of which was MOAA.
At the outset, let me stress that no information was stolen that we reasonably believe could be used by the data thief to compromise your identity – that is, no Social Security numbers, account numbers, or other financial information. No names were stolen, except to the extent an e-mail address included a person’s name.
However, the data thief did obtain thousands of e-mail addresses of MOAA members and some non-members who have used our services or subscribed to our e-mail products – including your e-mail address.
MOAA takes any such illegal activity very seriously – especially if it involves any of our members’ data. We want to stress, however, that we believe that any risk to you arising from this data breach is limited. Today's reality is that dedicated “data-mining” individuals and organizations routinely obtain e-mail addresses within minutes from anyone who hooks up a computer and starts an e-mail account. Nevertheless, you should remain vigilant in protecting your identity by reviewing all of your financial account statements regularly and monitoring free credit reports available from national consumer-reporting agencies.
We believe there is a possibility that you may receive some additional “spam” (junk mail) or be targeted with “phishing” e-mails. In “phishing” or similar scams, you may receive an e-mail that appears to be from a well-known or trusted organization, urging you to go to a website and enter personal information. It is likely that you have received such “phishing” e-mails in the past. If you receive such e-mails, you should promptly delete them and you should not respond to them in any way. Reputable firms do not ask for personal information in this manner.
We wanted you to know right away of this unauthorized access, and to know also that we find the theft situation totally unacceptable. We have confirmed that Convio has severely tightened its security, and MOAA is reviewing security precautions on all of our data systems, both internally and with our other contractors who may have access to member data in one form or another.
We take very seriously our responsibility to safeguard your personal data, and we pledge that we will continue to take every possible measure to fulfill that responsibility.
I have attached a series of questions and answers about this incident for your review. Should you have any additional questions, please don’t hesitate to contact MOAA’s Member Service Center toll-free at 1-800-234-6622, or by e-mail at msc@moaa.org.
Sincerely,
Norb Ryan, Jr.
Vice Admiral, US Navy, Retired
President and CEO
Questions and Answers
1. How many e-mails have been stolen? MOAA was one of 92 organizations affected by the e-mail contractor’s data loss. The theft included e-mail addresses of 260,000 MOAA members, subscribers, and prospects.
2. What other data has been stolen? No other personal financial data (SSNs, birthdates, account numbers, etc.) was affected. Website passwords were stolen with regard to a very few individuals, but you did not have a password stolen – only an e-mail address.
3. How can you be sure what has been taken? The contractor electronically tracked the data that was downloaded.
4. How could I be affected personally by this e-mail address theft? What should I do now? You may receive additional “spam” (junk mail) messages, or you may receive so-called “phishing” messages with official-looking company logos that ask you to log into a website and provide your personal information to “verify” one thing or another. You should immediately delete all such messages and you should not respond.
5. Should I change my e-mail address? That is your decision, but it is probably not necessary. As you may know from experience, dedicated “spammers” and “phishers” have ways of obtaining your e-mail address electronically.
6. Should I enroll in an identity-theft program? Will MOAA or Convio pay for it? It is your decision, but we don’t believe that’s necessary. Your e-mail address alone will not allow anyone to steal your identity. MOAA will not pay for you to enroll in an identity-theft program under these circumstances.
7. How did this breach happen? A credential belonging to one of the contractor’s employees was stolen, which allowed the thief to log onto the contractor’s system and access e-mail addresses owned by members of MOAA and members of dozens of other organizations.
8. What is MOAA doing to prevent a recurrence? First, Convio contacted the FBI to alert it about the theft. Second, we at MOAA are working with Convio to ensure it reviews and upgrades its data-security protections. Finally, MOAA is initiating an internal review, and similar reviews with all of our other outside contractors, to assess and, where necessary, upgrade the protection accorded all of our members’ personal data.
9. Why does MOAA have to use an outside online service provider? Can’t it be done in-house? Unfortunately, the complexity of e-mail guidelines and anti-spam laws have made it very difficult for organizations like MOAA to keep track of all the rules, outdated e-mail addresses, and unique requirements of the hundreds of different Internet Service Providers like AOL, Yahoo, etc. We must hire contractors who specialize in managing all these requirements to ensure we can properly deliver MOAA’s weekly Legislative Update, News Exchange, and other e-mail communications to those who wish to subscribe to them.
10. Who can I contact if I have questions about this situation? If you have additional questions, please contact MOAA’s Member Service Center by calling 1-800-234-6622 or e-mailing the Center at msc@moaa.org.
--------------------------------------------------------------------------------
Visit your MOAA's email subscription management page to modify your email communication preferences or update your email address. To stop ALL email from MOAA, click to remove yourself from our lists.
This message was sent to you at the following email address: ip568@charter.net | Manage Subscription ©2007 MOAA, All rights reserved 201 N. Washington St., Alexandria, Va. 22314 | (800) 234-6622 (MOAA)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.