An Open Letter From Chairman And CEO Ken Dahlberg

TO: Those directly affected by SAIC's security failure
       All our customers
       All those whose personal information has been entrusted to SAIC

A security failure by an SAIC organization in the handling of customer data placed the personal information of certain uniformed service members, family members and others at risk of potential compromise.

SAIC remedied the security lapse upon learning of it and began working with the customers to mitigate the impact of any possible compromise of the data. Forensic analysis has not yielded any evidence that any personal information was actually compromised; however, the possibility cannot be ruled out. SAIC is notifying approximately 580,000 households, some with more than one affected person.

We deeply regret this lapse. I offer my personal apology to those service members and their families who may be affected by this, and to the customers who did not receive from SAIC the high level of performance they have learned to expect and deserve. Our focus now is on providing support to those persons who may be affected by this, and to vigorous internal efforts to make sure that such a lapse does not recur.

The security lapse involved a single, unsecured SAIC-owned server at one SAIC location and in some cases information was transmitted over the Internet in an unencrypted form. A number of employees have been placed on administrative leave pending the outcome of our investigations.

With the concurrence of the government, SAIC is providing affected individuals with the services of Kroll Inc. They will receive a free, one-year membership in Kroll Inc.'s IDTheftSmart™ identity restoration service.

Kroll will provide affected persons with information on credit, fraud and identity theft matters. Kroll will also staff a call center with extended hours for the convenience of those posted overseas, for whom calling during the U.S. business day is a hardship. In addition, SAIC will provide its own experts who will be available to take referrals from Kroll when Kroll personnel are unable to satisfy caller questions or concerns.

We are committed to responsibly addressing any adverse consequences to the uniformed service and family members involved, and to our customers.

We are responding to this situation in a comprehensive way by taking the following actions:

• Detailed Forensic Analysis - We conducted extensive data and forensic analyses of the affected server to determine the scope of the potential compromise and to identify any evidence of unauthorized access to the data. We have engaged the help of some of the company's and the government's top experts in computer security.
• Initiated Internal Investigation - We launched an internal investigation employing outside counsel to determine exactly how this security lapse occurred and placed a number of employees on administrative leave pending the outcome of the investigation. The results of the investigation will be used to develop lessons learned for the benefit of the company and its customers.
• Address Service Member Impact - We established a company-wide task force to ensure that the company responsibly addresses any adverse impact on the company's customers and any affected individuals. The Kroll services to be provided at company expense to the affected individuals are described above.
• Assess and Enhance Data Security - We initiated a systematic, company-wide assessment to ensure that such lapses do not exist elsewhere in the company. This effort is being led by one of SAIC's most senior executives to ensure the necessary resources of the company are focused on this issue. The assessment will determine whether any changes in policy, training methods, tools and monitoring are needed. The company initiated a data protection and security assurance improvement program we call "Defense in Depth" two years ago. It is a strong, multi-level security initiative that was not followed in this instance. We will apply the lessons learned here to further improve the effort and ensure this type of security lapse does not happen again.

In conclusion, I want to share with you my message to SAIC employees about this situation:

It is completely unacceptable and occurred as a result of clear violations of SAIC's strong internal IT security policies. We did not live up to the high level of performance that our customers have learned to expect and demand from us.

Again, I deeply regret the concern this potential compromise may cause.

Sincerely,

Ken Dahlberg
Chairman of the Board and Chief Executive Officer