In case you haven’t seen the latest type of Dear John letter (who hasn’t?), here is one I received yesterday. The names have been removed to protect the not-so-innocent.
“We’re writing to you directly to update you on a recent cyber-attack that xxx is actively responding to. Regrettably, the attack has resulted in the theft of some customer data. The attacker appears to have stolen personal information that was held by xxx service providers, impacting customers across both Australia and New Zealand.
“As of today, we understand that approximately xxx,000 identification documents, [most] of which are copies of drivers’ licenses, were stolen from one service provider. Approximately xxx,000 customer records were stolen from a second service provider.
“Xxx apologises to its customers, particularly those who were impacted. Please be assured we will contact you directly if your personal information has been disclosed. We are working with the relevant authorities and have engaged cyber security specialists as we continue to do everything in our power to contain the attack. As a valued customer, we thank you for your understanding and patience. Our services remain available and you should have confidence in using them. Please continue to monitor xxx’s website where we will be publishing further information as it becomes available.”
Apart from obfuscation and platitudes, there is not much here. Notice how “service providers” get the blame. Good luck changing your accounts, passwords, credit cards, and (hopefully) provider!
This doesn’t happen to everyone. It happens to organisations that haven’t bothered to adequately protect your data through strong access controls, encryption, quarantine, backups and a data handling policy. Sometimes, fundamental information management principles have been flouted.
Emantra has solutions that will help minimise the risk of this type of cybercrime and keep you off the front page for the wrong reasons.