Month: June 2008

Dear Curves: respect your client and employee data


The subject of this post is a US-based Curves Health Club and has nothing to do with the plus size clothing company Dearcurves (dearcurves.com).


After (finally) speaking with the owner I believe that the Curves in question now takes this matter of data security very seriously and that a similar situation will likely not take place. I believe that this was an isolated oversight and that the owners have learned a valuable lesson (i.e. they were scared shitless and will probably be more careful from now on).

I should clear some things up:

  • Before publishing this I did attempt to contact the Curves in question. My phone call went unreturned.
  • Beyond the phone numbers and addresses contained in the letters (WordPerfect docs) there was no other data found on the system.
  • The Curves database was encrypted and NO EFFORT was made to circumvent this encryption; no billing information (if any existed) was exposed.
  • I was slightly misquoted on The Consumerist: no credit card information was found. My original post pointed out the potential for billing information to be found based off information I read about the iGo software.
  • The hard drive was wiped (by me) using DBAN and no copies of the original data exist.
  • Upon demand of the owner, the computer (and hard drive) were returned to them.
