We would like to inform the Arisia community that we had a technical issue on Saturday evening that resulted in several error logs being emailed to our IT email box. The error log included currently available registration information (name, badge number, registration status, address, phone number, and email), for everyone “flagged” as a program staffer or participant for the current convention. That email alias then forwarded the error logs to fifteen current and former members of the Arisia, Inc. IT committee, including both current and former staffers of the convention.
We have contacted the recipients of this information and are in the process of confirming that they have deleted these error logs. We are in the process of ensuring that everyone who might see registration information has signed our Information Ethics Agreement. We have also contacted all affected community members via email. Anyone who has not received this email was not affected by the error.
We have revised our IT email alias so that is only forwarded to current IT committee members. We also updated settings on our server so that only a more restricted list of people receive error messages through email. Instead of going to the entire email list for our IT team, it now goes only to the four volunteers who need to see it. All of these are current Arisia staff who have signed our Information Ethics Agreement. We are reviewing other potential vulnerabilities and are taking steps to address them. We have also reviewed and revised IT policy regarding access and removal from email aliases and accounts access.
Arisia apologizes for this error. We are working to ensure that it does not happen in the future. Arisia is committed to transparency and will continue to keep the community updated if there are any further developments. Please send any further questions to firstname.lastname@example.org.
on behalf of the Eboard and conchair team.