Thursday, September 30, 2010
Letter Sent to AFTRA Legal
Dear Ms. Tarlow,
I am a AFTRA member, and received the notice about the security breach on the AFTRA web site. In addition to being an actor, I run http://www.theyact.com, a network of web properties of actor resources. Some questions have come up regarding this breach and violation of members' personal information, including social security numbers and credit card information. Please answer, or obtain and forward to me answers, to the following questions for on the record public publication:
1) Was member information unencrypted on the web server?
2) Why was the information of members who had joined over 1 year ago still retained on the server long after its use in the joining process?
3) What concrete action is AFTRA taking to prevent this from happening again?
4) What measures is AFTRA taking to secure member information across the entire organization?
5) What is the timeframe for securing member information? By what date will security be fully in place?
7) What is AFTRA doing to help the affected members mediate the damage
this breach may take on their lives?
6) Are there any personnel changes that will be happening as a result
of this breach?
Thank you in advance for your prompt (within 24 hrs) reply,
Update October 2: a boiler-plate deferral due to the on-going investigation is the only reply made. It seems actors are on their own.
Update October 4: Ms. Tarlow writes that AFTRA has taken steps to "...advise members of the situation and provide them with resources and counsel to assist them with their security concerns." Since I am one of the AFTRA members, it seems the single email sent last week is the extent of their efforts at this point.
comments: Post a Comment