 |
|
|
|
 |
Background on the break-in
- On January 13, 2004, ARC announced that it was the victim of a burglary in which computer equipment was stolen.
- ARC began working with law enforcement authorities immediately upon discovery of the theft and continues to do so.
- The stolen equipment included two computers, a monitor, and a projector.
- While one of the stolen computers contained information related to travel transactions, all information available to date indicates that the crime was a property theft, as opposed to a theft of data.
- A computer, a monitor, and a projector that were stolen contained no travel information.
- ARC has made the appropriate notifications of the theft and believes the appropriate actions are being taken as a result of those notifications.
- To date, ARC has no indications of misuse of the data stored on the stolen computer that contained information related to travel transactions.
- Several other burglaries took place around the same time in the immediate vicinity of the theft from ARC.
- This was not an occurrence of hacking. None of ARC’s systems were hacked into.
- ARC’S business operations continue. The stolen equipment was used in important support functions but was not fundamental to ARC’s operations.
What is ARC doing?
- ARC began working with law enforcement authorities immediately upon discovery of the theft and has continued to do so.
- ARC has made the appropriate notifications of the theft and believes the appropriate actions are being taken as a result of those notifications.
- As the investigation by law enforcement continues, ARC carefully monitors the situation.
- To date, ARC has no indications of misuse of the data stored on the stolen computer that contained information related to travel transactions.
- ARC is providing information to stakeholders as appropriate.
- As the investigation continues, ARC will disseminate information as appropriate in a manner that respects the integrity of the investigation.
Theft does not jeopardize ARC customer accounts or systems
- The equipment stolen from ARC would not provide access to the internal systems of ARC-accredited locations (travel agencies or CTDs), nor to the systems they use to interact with ARC.
- The stolen equipment did not contain ownership or bank account information on ARC-accredited locations (travel agencies or CTDs).
- The theft in no way affects agency or CTD reporting, IAR, Internet Sales Summary, ARC Document Retrieval Service, or other ARC systems for agency or CTD use.
- ARC’S business operations continue. The stolen equipment was used in important support functions but was not fundamental to ARC’s operations.
ARC does not collect elements necessary for identity theft
- In processing travel transactions, ARC does not receive or store data elements generally acknowledged as necessary to perpetrate identity theft.
- Specifically, ARC travel transaction data does not include any of the following:
- financial account security code, access code, password, or security access question (e.g., mother’s maiden name)
- social security number
- address information
- telephone number
- driver’s license number
- date of birth
- travel loyalty program passenger profile information
- Additionally, ARC travel transaction data does not include passenger company name or transacting agency name.
Related information:
|
|
|
