Original post removed on 7/5 due to threat of legal action by the owner of the Curves franchise but I don’t like being censored so I have decided to put the original post back and reopen comments.
I have a new policy: I will not remove posts because people don’t like them
After speaking with the owner I believe that the Curves in question takes this matter (data security) very seriously and that a similar situation will likely not take place. I believe that this was an isolated oversight and that the owners have learned a valuable lesson.
I should clear some things up:
- Beyond the phone numbers and addresses contained in the letters (WordPerfect docs) there was no other data found on the system.
- The Curves database was encrypted and NO EFFORT was made to circumvent this encryption; no billing information (if any existed) was exposed.
- I was slightly misquoted on The Consumerist - no credit card information was found. My original post pointed out the potential for billing information to be found based off information I read on the iGo software.
- The hard drive was wiped (by me) using DBAN and no copies of the data exist.
- Upon
request demand of the owner the computer (and hard drive) were returned to them.
[click to continue...]