In the event that anyone on your organization’s information security team becomes complacent about the need to be ever diligent about maintenance and updating of information security levels in your organization — a privacy breach incident recently announced at Zappos.com should be adequate reminder that risk mitigation in this area is a 24/7 ongoing area of responsibility.
Zappos CEO Tony Hsieh had to recently notify customers by email stating that the Zappos web marketplace system location that houses customer privacy centric information was compromised — asking them to create a new password for their accounts immediately.
“We’ve spent over 12 years building our reputation, brand, and trust with our customers,” Hsieh said in his email. “It’s painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers’ information was not affected or accessed.”
Click here to view a copy of that email along with Hsieh’s email message to Zappo’s employees.
Although you never want to face such a situation in your own organization, certainly, Zappos’ reaction to this incident may contain valuable lessons to pass along to your own in-house information security, crisis and risk management and disaster preparedness teams.