The Official Assura Blog
Tuesday, March 18, 2008
Yet another mass breach of credit card information
"Those who cannot learn from history are doomed to repeat it." -- George Santayana
I know, it's an overused quotation but it is one of those very simple quotes that cuts through the mire with razor sharp clarity.
This time it's Hannaford Bros., an east coast grocery chain. 4.2 million credit card accounts compromised.
Security, incident response, and crisis management are tough because to do them right requires constant vigilance and a saturation of cultural awareness lacking in most organizations. I don't know the particulars of how this specific compromise was achieved, but as Hannaford is about to find out, security, incident response, and crisis management done right rather than on the cheap are easier than the fallout of a major security breach, delayed containment, and botched public communications.
Labels: Crisis Management, Legal Liability, Privacy, Security
Thursday, February 14, 2008
The $54M Laptop
A woman from Washington, DC is suing Best Buy for $54M over the loss of her laptop computer claiming that she was exposed to potential identity theft and that Best Buy didn't notify her in a timely manner about the loss/theft. The $54M price tag is because, "I had to come up with a number that was significant enough that might force them to pay attention to me."
The victim, Ms. Raelyn Campbell, received $1,110.35 to compensate for the price of the laptop plus a $500.00 gift card for her inconvenience, which she donated to charity.
Now, I'm certainly the first one on the dog pile when some company or government agency blows it and compromises personal information because they were too lazy or inept to implement proper controls (and Best Buy was certainly guilty of that in this case), but Ms. Campbell also had a duty to protect her own information either through the use of file encryption (hint: it's built into Windows) or by removing any confidential information before handing it over to Geek Squad.
In this case, I think Best Buy acted entirely appropriately to clean it up with Ms. Campbell (how they could have prevented this from happening in the first place is a different matter). Hopefully a judge will see this for the publicity stunt that it is.
Labels: Privacy