January 23, 2012 by Carsen
Are you prepared to tell over 24 million customers there was a security breach at your organization?
You have probably heard of the recent cyber attack on Zappos, in which over 24 million customer accounts were possibly compromised. After reading the email sent to Zappos’ employees and customers in response to the situation, I found a few items interesting and important to point out.
Zappos did a great job of making sure the employees were aware of the situation and of communicating exactly what they would be telling their customers in response. This matters because when customers call or email, employees need to know what was sent to the customer and what to suggest they do to protect their information.
In the email to the customers, I thought it was great Zappos said that not only should the account holders change their Zappos password but also any other account in which the same or similar password is used.
Security experts agree that you should never use the same or similar password for multiple accounts for this very reason. If someone accesses one account, it is much easier to access your other accounts if they have the same or similar password.
Furthermore, Zappos told customers that the database storing critical credit card and payment information was not affected or accessed, but items such as the customer’s name, email address, billing and shipping address, phone number and the last four digits of the credit card number may have been compromised.
You may not have personally identifiable information (PII) for 24 million contacts... but it’s just as important to safeguard ten customers’ PII as it is ten million. Regardless of industry or sector, it is important for all organizations to understand what needs to be done to protect PII as well as report and respond to a breach if one occurs.
For one way to protect yourself, ask us about our newest PII Training course. Notifying those whose PII was compromised is vital, and failure to act on this situation can lead to many legal issues. It’s much better, however, to avoid the breach in the first place. It is important to understand your risks, how you can prevent an incident and how you plan to respond if an issue were to occur.
Check out the other courses in our compliance library here.
Read the email Zappos wrote in response to the attack here.
The author: Gregg Nelson is the General Manager of Sales & Operations at Global Learning Systems.