Letter to the Editor from AGIA

The case study entitled “AGIA: Identity Crisis” (October 1, 2004) may have left your readers with the mistaken impression that AGIA’s security was breached. This was not the case. AGIA’s system is secure, and there was never any identity theft nor was customer information ever threatened. What happened was that AGIA was conducting an e-mail marketing campaign that included a link to a publicly facing, Flash multimedia presentation (featuring “Identity Theft” as the subject matter), hosted on a third-party server. The third-party server was hacked, resulting in the temporary disruption of AGIA’s presentation.

The attack on the third-party site resulted in my recommendation that AGIA try PredatorWatch. Your article over-dramatized the decision-making process by suggesting there was some sort of “end-run.” AGIA’s president, I.T. manager Garry Boswell and myself were all involved in the decision to use PredatorWatch.

The article states that when AGIA ran PredatorWatch, it discovered “vulnerabilities” within AGIA’s system. What the article fails to explain is that PredatorWatch was run inside the firewall, and hackers outside the firewall could not have exploited any of the “vulnerabilities.”

AGIA takes information security seriously. Unfortunately, the basic facts concerning AGIA’s adoption of PredatorWatch were overshadowed by the reporter’s attempt to dramatize the situation and the many inaccuracies that appeared throughout the Baseline article itself.

Bill Tyson
Chief Marketing Officer, SVP
AGIA
Carpinteria, Calif.

[Editor’s Note: Mr. Tyson may not have used the term “end-run.” But in his account to the author of the article, Debbie Gage, and reconfirmed in a fact-checking e-mail on Sept. 22, he said he asked Mr. Boswell to install PredatorWatch, was turned down and then went to the company’s CEO to get permission. The article did not state that the security of AGIA’s customer information was breached. In fact, the article clearly stated, “The attack on the hosting company did not expose AGIA’s customer data.” There is also little possibility to refute the assertion there are “many inaccuracies” in the article, when he fails to identify even one.]