we are writing to inform you of an incident - words no organization ever wants to have to tell their clients or customers.

The letter begins...

“We are writing to inform you of an incident that may have involved your personal information…”

Immediately visions begin to flash across your mind as your heart sinks, that you are about to embark on a long, frustrating process of aggravating, endless phone calls on hold, digging through a tangled web of financial information, and chasing down dark trails of bogus expenses.

This letter was sent to a colleague regarding a recent data breach with Vendini, Inc., a national box office entertainment service where he purchased a ticket online with a credit card about a month previous. The letter goes on to say,

"…the company detected an unauthorized intrusion into its information systems… your information may have been compromised.”

After offering its apologies and trying to reassure my colleague with the steps they’ve been taking under federal law enforcement, it then offers fraud resolution services paid for by the company that suffered the data breach.
 

Let’s break down the potential damage of this single incident, and estimate what it might cost the company to recover in expenses, reputation and future business...

 

Expenses

The company hasn’t disclosed the number of records affected by the breach, but according to a report with the Attorney General’s office by WCSH TV in Maine, it’s estimated that the state of Maine alone could have as many as 23,000 ticket buyers who may have been affected. Multiply that by 50 states along with Canada and you could have well over 1 million records that may have been compromised. A quick trip to the Hub International Data Breach Cost Calculator and we can begin to see just how costly such an event might be. Considering Incident Investigation, Notification and Crisis Management, Regulatory and Industry Sanctions and the potential for a Class Action Lawsuit, this puts an estimated cost of recovery at around $16,828,000 dollars, or $17 per record. That's 16 million with a capital "O" for "Ouch."

Reputation

The damage is revealed with a statement released to its customers describing what is at stake from the break in. They indicate that customer’s personal information including names, mailing addresses, email addresses, phone numbers, credit card numbers, and expiration dates may have been stolen.This means that every individual who has used the service to purchase tickets ranging from performing arts to cruise lines may now question the security of the service. This doesn’t leave a warm and fuzzy feeling from its customer base toward the company’s reputation. In addition, any mistakes made after the breach, whether real or perceived, could add to the reputation carnage. In this instance, many customers complained as to why the company took well over a month to notify them of the breach. The company stated that “they wanted to avoid interfering with the investigation…”

 

Future Business

Ultimately the company’s reputation and its future business will be left in the hands of how “forgiving” its customer base will be. Though the cause of the incident isn't necessarily by any fraudulent activity on the part of the company itself, it is what they did NOT do… that is, secure the sensitive information of its customers. It’s uncertain exactly how the incident occurred, but the underlying theme remains the same. Whether data is compromised by cyberattack, or an unsecured lost flash drive, a data breach is a painful situation to any organization.

Summary

The idea here, of course, is not to scare, but to inform organizations of why it is so important to secure sensitive data. Organizations must do all they can to secure sensitive information, and guard against the damage a data breach can cause. The seriousness of not acting, or under-acting cannot be overstated. The costs to put strong security measures in place are minimal compared to the lethal, potential cost of a single data breach. Failing to plan is a plan for failure.
 

To learn about Kanguru’s data security solutions, and our commitment to helping you guard against a data breach, see our Data Security video. Contact us to learn about the variety of options available to meet any budget large or small.

 

See Kanguru Secure Products:

Defender Secure USB Drives

Kanguru Remote Management


-----------------------------
Kanguru Solutions is a global leader in developing secure USB data storage, remote management, secure remote access, device duplication, and more. With both cloud and onsite server options, we provide flexible solutions for a range of organizations, from enterprise to the home. Kanguru is committed to delivering the best in easy-to-use, secure IT products, data storage and duplication. For more information on Kanguru, please visit www.kanguru.com.

 

Kanguru Solutions Marketing
marketing@kanguru.com
508.376.4245

wheres the image?