Once more into the Ameritrade Breach
Last week, I wrote:
It appears that Ameritrade is getting ahead of the story. Rather than have it dribble out by accident, they’re shaping the news by sending out a press release.
On further reading, both from readers commenting on that article, and things like Network World, “Ameritrade customers vent about data breach:”
The Ameritrade spokeswoman says the company believes no Social Security numbers have been taken because the only known illicit activity traceable to the breaches is spam, not identity theft.
Well, with a little more skepticism, words like “known” and “traceable” start to sound a lot less forthright. So perhaps my initial comment, that they’re shaping the news, was entirely on target, but in the wrong context.
There’s also this, from Information Week:
An attorney launching a class-action lawsuit against TD Ameritrade Holding alleges the online brokerage knew a hacker had access to a customer database as far back as a year ago.
As Rich Mogull says:
This is all Crisis Communications 101- as history has shown, the best way to defend your reputations in a major incident is to admit the failing, spare nothing to protect your customers, and act as openly and honestly as possible. Otherwise we wouldn’t have seen a bottle of Tylenol on a store shelf since the 1980’s.
It’s too bad Ameritrade won’t be the first company to really come clean in a major breach. Which means there’s still an opportunity for the CEO of another firm to get ahead of the problem and be remembered for their vision.
You’ll read about whoever it is here.