Saturday, February 11, 2006

Security breach at Cook's Illustrated

Wherein I post an email


February 10, 2006

IMPORTANT NOTICE ABOUT YOUR PERSONAL INFORMATION




Dear Friend of Cook's,

When I write to our website members, it is usually about cooking or country living. Today, however, I am writing on a more serious matter. I want to tell you about an incident that may have involved your sensitive personal information.



What I Know Happened

On January 30, 2006, we determined that a log file and a data table on one of our Internet servers had been deleted, causing portions of our website to stop working. The deleted data table contained basic information about our website members, such as their names, street addresses and email addresses. The deleted table did not contain any credit card information.



What I Did

As soon as I learned that the files had been deleted, I had our website shut down and had our computers disconnected from the Internet. I then directed that all credit card information be removed from our servers before bringing our site back online on February 3, 2006. Cook’s has engaged outside computer security consultants to test the security of our system before we bring the credit card information back online.

I also immediately began an investigation into the cause of this problem. Unfortunately, we have been unable to determine how, why or by whom the files were deleted. We are, therefore, unable to rule out the possibility that individuals gained unauthorized access to our computers. Because our website members’ credit card information is also stored on the same computer system as the deleted files, we cannot rule out the possibility that someone gained unauthorized access to our customers’ credit card information.

Given that there is a possibility that someone has gained unauthorized access to our system, I am writing to give you notice that your credit card information (such as card number, cardholder name, billing address and expiration date) used to pay for your website membership may have been unlawfully accessed. Please be aware, however, that personal information, including credit card numbers, used at our bookstore and for all magazine transactions is not located on the same computer system as the deleted files and we, therefore, have absolutely no reason to believe that it has been subject to unauthorized access.

To protect yourself from credit card fraud and identity theft you should take the following steps.



What You Should Do

You should remain vigilant by reviewing account statements and monitoring free credit reports. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Victim information sometimes is held for use or shared among a group of thieves at different times. Checking your credit reports periodically can help you spot problems and address them quickly.

I recommend that you contact your credit card company and keep a close eye on the activity on your cards. If you discover that questionable charges are appearing on your card you should contact the card issuer immediately to notify them of the fraudulent use, cancel the existing card, and have a new card issued.

You should contact the major credit reporting agencies and have them place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. All three credit reports will be sent to you by the credit reporting agencies, free of charge, for your review.

Below, we've listed the contact information for all three major consumer credit reporting agencies and several other agencies and organizations that can help you monitor and manage your credit information.

I have also put together a list of FAQs which you can access by logging onto www.cooksillustrated.com/webfaqs.

As you know, we do not accept advertising in our magazines or on our websites, and depend entirely on the goodwill and support of our readers and members. That, over the years, has created a strong sense of community between editors and home cooks as well as a commitment to no-nonsense reporting. With that spirit in mind, I wanted you to know exactly what happened, when it happened, and what we have done about it. As Calvin Coolidge often remarked, “When you don’t know what to do, do the work in front of you.” That has been sound advice in the last couple of weeks.

Thanks so much for your patience in this matter. I hope that my next communication will be substantially more enjoyable for both of us.

Cordially,



Christopher Kimball
Founder and Editor
Cook’s Illustrated

2 Comments:

reader_iam said...

At least they were forthcoming and tried to be somewhat helpful, or so it seems.

Are you pleased with the way they're handling this, or no?

Stories like this tend to make me go a tad bananas, just because if a problem occurs, it's a nightmare to sort out.

2/11/2006 09:53:00 PM  
Anonymous said...

I got this letter too... embarrassing mea culpa. At least more forthcoming than most vendors.

Cortlandt Manor, NY

5/06/2006 11:49:00 AM  
