Home page logo

interesting-people logo Interesting People mailing list archives

Clear Privacy Update
From: David Farber <dave () farber net>
Date: Thu, 7 Aug 2008 09:43:42 -0700

From: Paul Robichaux [PaulR () 3sharp com]
Sent: Thursday, August 07, 2008 12:37 PM
To: David Farber
Subject: FW: Clear Privacy Update

For IP if you wish-- Clear's response to their breach.

------ Forwarded Message
From: "Steven Brill, Clear CEO" <clearsupport () flyclear com>
Reply-To: "clearsupport () flyclear com" <clearsupport () flyclear com>
Date: Thu, 7 Aug 2008 09:30:07 -0700
Subject: Clear Privacy Update

   About your clear account

   We take the protection of your privacy extremely  seriously at Clear.
That's why we  announced on Tuesday that a laptop from our office at the San
Francisco Airport  containing a small part of some applicants'
pre-enrollment information (but not Social Security numbers or credit card
information) recently went missing. None of your information was in any way
implicated. However, we were prepared to send those applicants and  members
who were affected the appropriate notice on Tuesday detailing that
situation.   Before we could send out that notice, the laptop was recovered.
And, we have determined from a preliminary  investigation that no one logged
into the computer from the time it went  missing in the  office until the
time it was found. Therefore, no unauthorized person has obtained any
personal information.  Again, none of  your personal information was on the
computer in any form, but we  nonetheless wanted to give you details of the
incident that could have affected  others applying for Clear memberships
because the incident involves Clear's  privacy and security practices and
policies.   We are sorry that this theft of a  computer containing a limited
amount of applicant information occurred, and we apologize  for the concern
that the publicity surrounding our public announcement might  have caused.
But in an abundance of caution, both we and the Transportation  Security
Administration treated this unaccounted-for laptop as a serious  potential
breach.  We have learned from  this incident, and we have suspended
enrollment processes temporarily until all  pre-enrollment information is
encrypted for further protection. The personal information on the enrollment
system was protected by two  separate passwords, but Clear is in the
process of completing a software fix - and other security enhancements - to
encrypt the data, which is what we should have done all along, just the way
we  encrypt all of the other data submitted by applicants. Clear now expects
that  the fix will be in place within days.  Meantime, all airport Clear
lane operations  continue as normal. As you may know, our Privacy  Policy
states that we will notify you of any compromise of your personal
information regardless of whether any state statute requires it. This letter
is  a good example of our policy: no law requires that we notify you of this
incident because our investigation of the recovered laptop revealed no
breach  and because in any event none of your own information was affected.
But we  think it's good practice to err on the side of good communication
with all  Clear members, especially when, in this case, we did make a
mistake by not  making sure that limited portion of information was
encrypted. Please call us toll-free with any  questions at (866) 848-2415.
Again, we  apologize for the confusion.    Sincerely,
 Steven Brill
 Clear CEO

P.S.  A reminder: One of Clears unique privacy features is that all members
and  applicants are given an identity theft protection warranty which
provides that,  in the unlikely event you become a victim of  identity theft
as a result of any unauthorized dissemination of your private  information
by - or theft from - Clear or its subcontractors, we will reimburse  you for
any otherwise unreimbursable monetary costs directly resulting from the
identity theft.  In addition, Clear will,  at its own expense, offer you
assistance in restoring the integrity of your  financial or other accounts.
So  had there been any actual compromise of your personal information, you
would  have been additionally protected.

------ End of Forwarded Message

Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]