Managing the aftermath of data breaches

The most interesting aspect of the recently reported data breach at Heartland Payment Systems is the relatively light press coverage. The full scale of the breach has yet to be established, but it has been suggested that it might run into tens of millions of credit and debit transaction details, making it one of the largest data breaches reported so far. 

Specialist publications such as SC Magazine covered the story, as did security bloggers such as Brian Krebs and Stuart King, but there has been surprisingly little mainstream media attention, given that such stories certainly appeal to the press. That might of course be attributed to the timing, coinciding with coverage of the new US Presidency and the worsening state of the global economy. Burying bad news is a classic tactic for minimising reputation damage.

Even better is to apologise and offer compensation to your customers. The TJX Group has certainly got this right, rewarding customers with a one-day “Customer Appreciation” sale in its US and Canadian outlets to express appreciation for their continuing loyalty. Saying sorry with a January sale is a smart business move.

Good management of the aftermath of breaches enables crisis-hit organisations to come out on top. That’s important given that the sophistication of modern attacks continues to outstrip the capabilities of traditional countermeasures and compliance requirements. There are many more breaches yet to come. All organisations with sensitive or critical data need to ensure that they are well equipped to manage a potential crisis. It’s vital to long-term business survival.