Wednesday, April 06, 2011


Recently, two companies with widespread businesses, which hold enormous databases of customer information managed by third parties, have had their information databases compromised, dare I say it, by hackers. The emails informing customers of this uncomfortable truth, though not the same, have much the same terms of conciliation and flavour of apology. It might be difficult to vary too much a straightforward, everyday style of vocabulary in a potentially worrying message. In both cases, access was, we are informed, solely to email addresses.

The first company carefully stated that payment and financial information had not been accessed or compromised in any way.  There is no suggestion that there was anything more than an uncovering of email addresses with the latest problem. We may, the advisory email warns, receive unwanted emails.

The first company that sent notification to its customers about the breach of confidentiality, approximately a month ago, followed up with a reassuring email, assuring customers that there really was tight security with financial information and that it was held in a separate and different database storage facility.

The newest advice, so far, is only about access to email addresses. Both organisations named their database management company. Does naming the 'culprit' make it easier, I wonder, for the contractor to appear to be less responsible?

There are other questions worth raising. The suggestion is that our financial data is more secure. If that is so, why is it so? If a particularly high, or more secure, level of security is installed in one area of commerce, why is it deemed less necessary to offer the same level of security for customer personal contact data, which should be of equal importance?
