Page 1 of 1 Attachment 18A David Hotchkiss - Notification Letter of Malicious Software on the Network From: To: Date: Subject: CC: Attachments:
David Hotchkiss Scott Dickey; Scott Dickey 2/23/2012 2:50 PM Notification Letter of Malicious Software on the Network Peter Goldstein Notification_Letter-DRAFT-1202230dh.doc
Scott: On 27 January 2012 we received notification from the FBI relative to malicious software (virus) infection of the District's networks. In the notification it indicates that we should notify users and start cleaning the viruses. I have previously recommended notification in accordance with SB1386. It has been 26 days since the District received the FBI's letter and nearly 3 months since the discovery of the viruses on the networks. To date, no notification letter has been sent. As I understand it we may now have exceeded the time limit for notification. I have therefore put together a draft of a notification letter which is attached. Scott, Since the malicious viruses we found are a 1386 reportable event, and the FBI's letter is a federal notification, do we need two separate notification letters? If so, I can extract and develop the second one. Further administratively I recommend we: 1. We will need to update the www.ccsf.edu/securityalert web page by including this letter as the landing page. (this page is referred to in the attached letter) 2. We need to establish a telephone number and provide trained staff to answer concerned parties telephone calls.(which is referred to in the attached letter) Please let me know how I may help expedite the process.
David A. Hotchkiss, Ph.D., PMP Chief Technology Officer San Francisco Community College District Phone: 415.452.5586
file://C:\Documents and Settings\dhotchkiss\Local Settings\Temp\XPgrpwise\4F465220POA_DOMpoA1... 2/23/2012