Are you prepared to tell over 24 million customers they’ve been compromised?

You have probably heard of the recent cyber attack on Zappos, in which over 24 million customer accounts were possibly compromised. After reading the email Zappos sent to its employees and customers in response to the situation, I found a few items interesting and important to point out.

Zappos did a great job of making sure its employees were aware of the situation and of communicating exactly what it would be telling customers in response. This matters because when customers call or email, employees need to know what was sent to the customer and what they should suggest the customer do to protect their information. In the email to customers, Zappos said that account holders should change not only their Zappos password but also the password on any other account where the same or a similar password is used. Security experts agree that you should never use the same or similar password for multiple accounts for this very reason. If someone accesses one of your accounts, it is much easier for them to access your other accounts when those accounts have the same or a similar password.

Furthermore, Zappos told customers that the database storing critical credit card and payment information was not affected or accessed, but that items such as the customer’s name, email address, billing and shipping address, phone number and the last four digits of the credit card number may have been compromised. You may not have personally identifiable information (PII) for 24 million contacts, but it’s just as important to safeguard the PII of ten customers as it is the PII of ten million. Regardless of industry or sector, it is important for all organizations to understand what needs to be done to protect PII as well as how to report and respond to a breach if one occurs.

For one way to protect yourself, ask us about our PII Training course. Notifying those whose PII was compromised is vital, and failure to act in this situation can lead to many legal issues. It’s much better, however, to avoid the breach in the first place. It is important to understand your risks, how you can prevent an incident and how you plan to respond if one were to occur.