Marketers who work for information and network security vendors tend to steer clear of the “fear, uncertainty and doubt” themes that dominate the industry.
Yet, spend ten minutes with one of their subject matter experts about the threats and risks in the digital and social world and the temptation to unplug becomes overwhelming. Hacking is now the domain of sophisticated cyber criminals, organized gangs and intelligence agencies — both foreign and domestic.
So, the news today that online retailer Zappos had been compromised wasn’t much of a shock. It has happened (and will continue to occur) to retailers because of the challenges that come with installing, managing and maintaining complex security procedures, processes and technologies.
Conducting commerce electronically has its risks. As a consumer, I’ve evaluated them and concluded the benefit outweighs the danger.
What I find irksome about the Zappos hack is the rather flippant tone of their Email informing customers. Here’s the Email I received today:
First, the bad news:
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
THE BETTER NEWS:
The database that stores your critical credit card and other payment data was NOT affected or accessed.
OK…I get it…it could have been worse. The cyber criminals could have slinked away with my credit card information and social security number, in addition to the personal information they obtained.
Plus, Zappos prides itself on a culture defined by employee happiness with a dash of weirdness. It’s part of their brand differentiation.
Yet, any security breach creates a breakdown in trust between an organization and its customers. Simply put, their failure to adequately defend their network has compromised my personal information.
This is no time to be glib. What I want to hear is that they will put in place resources to help me protect my online identity while taking steps to better secure their network.
I asked about steps Zappos plans to take to protect their customers and received this Email response from their customer loyalty team:
Thank you for your response to our earlier email. We would like to extend our sincerest apologies for the inconvenience this may have caused and we truly understand the severity of the situation. As indicated in the previous email, the database that stores your critical credit card and other payment data was neither affected nor accessed.
The possible illegal and unauthorized access to customer account information is the standard information you find upon order receipts (i.e. your name, e-mail address, billing and shipping addresses, phone number and/or the last four digits of your credit card number).
Although not quite what I wanted to hear at least the reply was minus the jokes.