Reassuring Customers After Data Hacking: How Vudu Did It Right And What We Can Learn From It

I just got an e-mail (see below) from the CTO of on-line movie streaming service Vudu telling me that thieves broke into their Silicon Valley offices recently and made off with computer hard drives containing customer data.

My immediate reaction was “yikes!” but then I read on.

Unlike a lot of notices that I get on an all too regular basis from banks and retail outlets, this wasn’t an impersonal message about an undisclosed “security event” that led to a compromise of customer data.

I was told specifically what was stolen and specifically what Vudu was going to do for me.

“Our investigation thus far indicates that these hard drives contained customer information, including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers. It’s important to note that the drives did NOT contain full credit card numbers, as we do not store that information,” Vudu’s CTO Prasanna Ganesan said in the e-mail.

Ganesan went on to explain that “while the stolen hard drives included VUDU account passwords, those passwords were encrypted. We believe it would be difficult to break the password encryption, but we can’t rule out that possibility given the circumstances of this theft. So we think it’s best to be proactive and ask that you be proactive as well.”

Next, he explained that they had automatically expired every user’s password, requiring a new password before a subsequent log-in, set up a full FAQ page on their website to answer customer questions, and provided each and every customer with a free one-year subscription to AllClear ID so we can see whether anyone has used our info for nefarious purposes.

With all this, by the time I got to the “we want you to know that we take this matter very seriously, and we apologize for any inconvenience this may have caused you” part of the e-mail, I believed him.

So, here’s what I learned from this.

  • Be forthcoming. In a cyberconnected world, bad things are inevitably going to happen. I think everybody gets that by now. When bad things do happen and your customers are affected, let them know what happened and what you’re going to do for them to minimize the damage. Quickly.
  • Be proactive. Then, you need to anticipate your customers’ concerns and proactively work to assuage them. In the case of this heist, Vudu didn’t stop at telling me that there was very little risk of my personal data being accessed. They proactively forced me to reset my password and gave me a full year of identity theft monitoring to make me feel better.
  • Be sincere. When this kind of thing happens, the best approach is the straightforward approach. Acknowledge the incident, outline your response to it, provide a clear path for customer follow-up, and work to make sure it doesn’t happen again.

All in all, a good, thorough job of defusing a potentially damaging situation. Good for the business. Good for the brand.

Well played, Vudu.

I think I’ll download a movie tonight.

Screen Shot 2013-04-10 at 1.04.03 PM

© 2013 Tom McCall
