Email data breaches: where will it end?

Following my earlier post on the two email security breaches at trusted brands that have my email address data, it seems that bad news really does come in threes. McKinsey Quarterly is the latest to write to me over the weekend to tell me about my name and email address becoming “exposed”. 

Here’s the email I received:

 Important information from McKinsey Quarterly

We have been informed by our e-mail service provider, Epsilon, that your e-mail address was exposed by unauthorized entry into their system. Epsilon sends e-mails on our behalf to McKinsey Quarterly users who have opted to receive e-mail communications from us.

We have been assured by Epsilon that the only information that was obtained was your first name, last name and e-mail address and that the files that were accessed did not include any other information. We are actively working to confirm this. We do not store any credit card numbers, social security numbers, or other personally identifiable information of our users, so we can assure you that no such information was accessed.

Please note, it is possible you may receive spam e-mail messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties. Also know that McKinsey Quarterly will not send you e-mails asking for your credit card number, social security number or other personally identifiable information. So if you are ever asked for this information, you can be confident it is not from McKinsey.

We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

If you have any questions or concerns, please contact McKinsey Quarterly at info@mckinseyquarterly.com. For any media inquiries, please contact Humphrey Rolleston at +1-212-415-5321.

Sincerely,

Rik Kirkland
Senior Managing Editor
McKinsey & Company

How can businesses make this bad news land better?

As discussed in my previous post, businesses need to be open, honest and complete from the outset. Customers have the right to know EXACTLY what happened to their data, why it happened, and to be told what steps have been taken to ensure that the risk of it happening again has been minimised.

And when they do so, please use plain English. “Exposed by unauthorised entry” means nothing, and gives me no confidence that this can’t happen again:

  • Did a rogue employee leave a USB stick on the bus? If so, tell me.
  • Did someone hack into your systems? If so, tell me.
  • Have law enforcement been informed? If so/not, why?
  • And most importantly, what are you doing to make sure the chances of this happening again have been mitigated? 

Where will this end?

If these high-profile ‘breaches’, ‘exposures’ and ‘compromises’ continue, then the foundation of permission-based marketing will be rapidly eroded: trust.

I trust brands to look after my data responsibly. I hold them accountable for keeping this safe, including any arrangement they have with any third-party supplier. So when something goes wrong, don’t I have the right to be reassured that it won’t happen again? If not legislatively, then morally?

“Trust is like a vase…once it’s broken, though you can fix it, the vase will never be the same again”

(Author unknown)

2 thoughts on “Email data breaches: where will it end?”

  1. Matt Ward

    Superb blog Steve.

    Trust is the absolute key word here. Trust us as consumers to be able to deal with honest feedback and explanations when we get it. Don’t assume we don’t want to hear the truth about how data goes missing, no matter how unpalatable the reason may be. Like you say, if an erroneous employee was the cause, just say so, don’t try and dress it up in code.

    It’s not just about managing data responsibly in the first place, it’s about being equally responsible when things go wrong and being straight with people.

    This is the first blog of yours that I’ve gone into. Very much looking forward to reading the others.

  2. Pingback: PLAY AGAIN? Will SONY win back customer trust following data breach? « Steve Revill's Blog
