Notification of a data breach from Kingdom Seneschal

Greetings Midrealm,

This is to provide notification of a data breach that occurred in the Middle Kingdom. While we initially were trying to contact affected individuals via email, due to the high rate of returned emails due to delivery failure, all affected parties will receive a letter at the address listed in the database which will be mailed shortly. Please note that our review specifically revealed that individuals with administrative log-ins and passwords were also affected and the emails and corresponding passwords are easily discoverable.  If you re-use passwords, which are assumed to have been discovered, you are potentially at greater risk of exposure.   

Questions or concerns can be directed to dataquestions@midrealm.org.

NOTICE OF DATA BREACH

Dear Combatant:

The Society of Creative Anachronism, Inc., (SCA, Inc.) and its regional branch, the Middle Kingdom, greatly appreciates your participation in our marshallate community and respect your data privacy.  We are writing to let you know about a data security incident that involves your personal information. 

WHAT HAPPENED

Between January 5, 2021 and August 3, 2021, the raw data from the Middle Kingdom marshal database was placed on GitHub, using the public depository option.  It was discovered late on August 2, 2021 that the raw data was available for public viewing, which included individual’s names, Date of Birth (DOB), phone numbers, emails, and physical addresses to varying degrees.  We were able to have it removed from GitHub early morning on August 3, 2021.  

Unfortunately, our review also revealed that individuals with administrative log-ins and passwords also had their data compromised.  While the passwords were encrypted, they were encrypted with the md5 algorithm, which has been determined to be a minor deterrent in exposing the underlying password.  These were also removed from GitHub on the morning of August 3. 2021.

WHAT YOU CAN DO

As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission. To file a complaint with the FTC, go to www.ftc.gov/idtheft or call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, which is a database made available to law enforcement agencies.

CONCLUSION

The SCA Inc., and the Middle Kingdom values your privacy and deeply regrets that this incident occurred. We have conducted a thorough review to ensure no other potential breaches occurred.  None have been found at this time.  As a result of this incident, the SCA Inc. and the Middle Kingdom are reviewing the best ways to ensure that data is not directly or indirectly compromised in the future and continue to look for the best ways to secure your data entrusted into our care.