On January 29th, 2023, SCA Inc. Information Technology was notified by concerned members that the archives of the SCA-Comments list serve were accessible to the public. Although it is not the designated reporting channel, the comments email address has, at times, been used as a harassment and discrimination reporting vehicle. Subsequently, the breach had the potential to jeopardize a victim’s right to privacy and SCA Inc’s responsibility of protection for them. Upon receipt of this information, my team immediately acted to shut down the breach. However, data had been exposed long enough that several search engines had crawled and archived the data. The extent of this security breach was emails sent to along side of [email protected]/[email protected] between March 2020 and January of 2023.
The initial exposure was contained within a few hours of notification. Over the next couple of days other avenues of exposure to the same and similar data were found and locked down. My team began the process of getting the search engines to remove their archives of the information. At this point, we believe all access to that data has been removed and we feel that publishing this information will not cause further risk to any individuals concerned or the organisation.
The root cause of the breach was a misconfigured archive setting when the email address for comments was changed last year. To prevent further similar occurrences, SCA-comments has been moved entirely off the list serve system. The correct email address for comments is “[email protected]” (although the ‘lists.sca.org’ address will still work for now). This has been active for some time.
SCA Inc. Information Technology apologizes for any alarm or inconvenience anyone may have suffered because of this breach. Particular thanks go to Matthew Simon Ryan Cavalletto (Mathghamhain Ua Ruadháin) for initially alerting us to and helping assess the scope of the issue.
Anyone wishing to further discuss this matter should contact me ([email protected]) and John Fulton, SCA Inc. President ([email protected]).
Sam Davis, Manager, Information Technology
Correction: The announcement originally incorrectly noted the breach as occurring between April of 2022 and January of 2023. Thanks to Kevin Rhodes (Cormac Mór) for alerting us to the error.
Recent News
-
April 27, 2024
Commentary Request – Corpora Addition – Royalty Selection (Refusals)
-
April 20, 2024
Forever In Our Hearts – John G. Trimble
