BarneyC writes:
There are any number of approaches to data breaches in business today. Whilst regulation is ever trying to get to the point where notification of breach is mandatory there are still plenty of businesses out there who will go to all sorts of lengths to sweep things under the carpet rather than own up.
Not so Hell – a truly rocking pizza company in New Zealand. Certainly no stranger to controversy – some of their marketing campaigns have been widely criticised, Hell seems to be taking the bull-by-the-horns and going all out to keep people happy.
Today I received an email from them…
Dear Valued Hell Customer,
We have been approached by a party claiming to be in possession of customer details from the previous Hell website which is no longer in operation. The samples that we received included details of four customers from 2006, including phone numbers and email addresses and order information. We can confirm that credit card data was not at risk as this is held independently on a secure banking website.
Read more on Exponere.
See? It is possible to alert people to a breach or security problem and wind up with the customer feeling pleased with how the company handles things.
And the wrong approach to a data breach; http://breachblog.com/2010/07/22/lincoln-national-reports-breach-to-new-hampshire-attorney-general.aspx
Dissent, are you here? Lovin’ your work!
-Evan
Heya Evan — great to see you here!
I blogged about the Lincoln breach, too (here), but more of just reporting on that one without commentary.
I just read your blog entry — excellent analysis, as always. FYI: this was the Lincoln group’s THIRD reported breach within the past year, and in not one of those breaches did Lincoln’s own personnel discover or uncover the breach — in all three cases, it appears that they they were notified by others of breaches or possible exposure that had been going on for quite a while.
Feel free to jump in/comment whenever the spirit moves you. I always enjoy reading your analyses.
/Dissent