SFI Database Data Breach
STARFLEET the International Star Trek Fan Association INC.
Notice of Data Breach
This notice is to inform you of data security incidents that involved a limited amount of your personal information. This notice will give an overview of what happened, and what we are doing in response.
What Happened?
On 1/1/2023
all Database permissions for previous administration staff were removed.
On 1/(exact date(s) pending: estimated end of week 1)/2023
the new administration did an SFDPP audit on chapters. It was found that many COs and XOs were out of compliance. When the database privileges were being removed for those not in compliance, it became known that several of these individuals had database permissions that far exceeded what they should have in their current roles. A spreadsheet was made by CompOps member and VRC9 Ivar Bardie of all current permissions in the database and who they were assigned to. This was audited, and the individual permissions were removed by Ivar, via the back end of the database, from fleet members who should not have them.
On 1/30/23
REDACTED interviewed with REDACTED for the position of REDACTED. During that interview, REDACTED made remarks about their enhanced database access that gave pause. As they no longer held any position outside of CO of REDACTED, this alarmed REDACTED, who reported it to the administration. On investigation, it was found that they had many accesses they should not have, including “superuser” access. These permissions were removed, and had been removed previously; however, they kept reverting. On 2/12 all individual database permissions were wiped, and only packages remained for all users.
2/22/23
Our server notified us that there were spikes in our database around 2:00am Eastern. As this can indicate potential unauthorized access to our server, and coupled with the fact that database permissions seemed to be given out at random, the InfoServ team started to investigate the reasons for the spike.
2/9/2023
There was an email from Linode at 2am indicating that there were load spikes averaging 200% on the medusa server.
2/26/2023
It was suggested by InfoServ department member Scott Sawyer (postgraduate degree in cyber security) to do a controlled penetration test of our own server by the InfoServ team (basically “hack” into our own server).
2/26/2023
This report went out to the CS/VCS
3/02/2023
The server logs for user REDACTED were acquired by Tony Knopes from when they left their REDACTED position on 1/1/23 to the end of January. These are the findings of unauthorized use of the database:
1/10/2023
Added database permissions to themself:
|2|3|4|5|6|7|10|13|14|18|19|23|25|26|28|29|31|32|34|37|40|41|43|44|49|52|53|54|57|64|65|66|67|68|69|70|71|73|74|75|77|78|79|84|85|87|92|96|101|102|103|104|111|113|114|115|123|125|127|128|130|139|147|148|150|152|153|154|155|157|158|159|161|
1/14/2023
Removed all permissions except member package from REDACTED who is a member of the chapter the REDACTED (not their chapter)
1/14/2023
Added Chapter XO (id = 2) package to REDACTED who is a member of the chapter the REDACTED (not their chapter)
1/22/2023
Changed REDACTED and REDACTED to their chapter. This should not be done by the captain of the chapter they are moving to.
1/27/2023
Added database permissions again to themself:
|2|3|4|5|6|7|10|13|14|18|19|23|25|26|28|29|31|32|34|37|40|41|43|44|49|52|53|54|57|64|65|66|67|68|69|70|71|73|74|75|77|78|79|84|85|87|92|96|101|102|103|104|111|113|114|115|123|125|127|128|130|134|135|139|147|148|150|152|153|154|155|157|158|159|161|
3/2/2023
Notification of these findings was sent to the CS/VCS
3/08/23
Full data logs have been acquired by Tony Knopes for all database access from this member for the last year.
3/08/23
Full patch of vulnerability was completed and tested multiple times
3/08/2023
AB notified of Data Breach
3/12/2023
Membership was notified about the Data Breach via social media. A script for a new program the CS was due to air was edited to provide the opportunity to allow members to ask questions with transparency.
What We Are Doing.
The confidentiality, privacy, and security of the information that we retain are among our highest priorities, and we take this incident very seriously. Upon becoming aware of these events, we immediately launched an investigation. We have ensured that the member cannot access our database information. We have enhanced the security control tools on our database servers to help prevent an event like this from happening again. We will continue to monitor our servers and do routine penetration tests to identify additional safeguards and weaknesses. We are now going through log files to see which members’ data was accessed by this individual in the last few years. Any member whose information was accessed without justification will be notified personally, and it will be included in our report to authorities.
We also reviewed our security policies and enhanced procedures to reduce the risk of similar future events.
What You Can Do.
We have no evidence at this time that your information was misused. Your personal information that could have potentially been accessed would include your name, email, date of birth, and address. While the possibility of identity theft is minimal, we would encourage you to be vigilant and to report any suspicious activity.
For More Information
STARFLEET International deeply regrets that this has occurred, and we are taking this matter extremely seriously. Protecting the privacy and security of your personal information is our top priority. Please accept our sincere apologies, and know that we will do whatever it takes for this to not ever happen again. Please send any questions you might have to SCO_Infoserv@SFI.org and we will do our best to answer you quickly.
Sincerely,
STARFLEET Data Protection Team
DPO Erin Poole
DDPO TJ Allen
FPO Eilidh Montgomery
DP Bran Stimpson