Crisis Response over Customer Password Leak Looks Inadequate
The days are gone when it’s possible to respond to an online security slip-up by minimizing the potential damage to customers.
Business customers of Canada Post complained that they were able to view other customers’ login IDs and passwords, and other personal information.
The response, quoted in the Globe and Mail:
François Legault, a spokesman for Canada Post, could not specify the root cause of the security breach, but said the federal agency believes the available “out of date” usernames and passwords pose no threat to its customers. Mr. Legault said the federal agency - which farms out all of its IT services to third parties such as Innovapost and IBM - had addressed the problem.
But a Yahoo search of cached websites Friday revealed more Sell Online usernames and login attempts.
“Obviously, we unfortunately won’t be able to find and eliminate all the cached daily files, but over time they will expire and we’re confident there’s no risk that someone can use this information to steal identities,” Mr. Legault said.
No, it’s not obvious, and no, customers don’t share their confidence that they’re safe from identity theft. The Globe article quotes a couple of business customers contacted and told by a reporter what their passwords were.
Just because a password has expired, doesn’t mean the same password isn’t being used on other accounts, as Michael Geist says in the article.
Such a breach calls for a warning to all customers who might be affected, so they can take protective measures by changing their passwords on other sites, too. Maybe Canada Post took such action, but you wouldn’t know it from the media and its website.
Tags: privacy, identity theft, business, mail, warnings, passwords, canada post, online, security, ibm, innovapost
Related Stories
POSTED IN: Apologies, Crisis Communications, Customers, PR, Reputation Management, Spin
0 opinions for Crisis Response over Customer Password Leak Looks Inadequate
No one has left a comment yet. You know what this means, right? You could be first!
Have an opinion? Leave a comment: