It’s not until you are a victim of cyber hacking that you realise just how insecure the online world is. Last week, I received a text asking whether I had made an iTunes purchase 10 minutes earlier and if I hadn’t, I should follow the link provided. Being totally paranoid about clicking on anything that I am not 100 per cent sure is genuinely from a person or organisation I know and trust, I immediately rang my bank to check. Turns out someone had my card details and had made a test link to iTunes presumably to see if the card was active. The helpful bank security employee immediately cancelled my card.
So how did the cyber criminals get my card details? The bank security team says in the past two weeks they have been inundated with attempts to use stolen card details for online purchases. Presumably the hackers grabbed my details, along with a lot of others, from one of the many companies that have experienced data breaches in the past few months or, perhaps, few years.
But surely those companies have been taking precautions to protect their customers’ data? If they’d experienced cyber breaches surely they’d let us, the customers, know so we can do something about it – like alert our banks or cancel our credit cards?
Sadly, this doesn’t often happen. A recent article by Paul Smith in the Australian Financial Review (22 November) labelled as ‘shameful’ taxi industry disrupter Uber’s recent cover-up of a serious data breach that led to 57 million customer and driver records being exposed.
All too often we see large corporations, either through negligence or simply an inability to keep up with the techie bad guys, leaking our precious financial data. Take the Equifax breach in the US for example, which resulted in the personal data of more than 145 million people being stolen.
Equifax’s share price dropped like the proverbial hot scone, down by about 25 per cent since the hack, according to a November 10 article in Fortune Magazine.
The big problem here is that, up to this point, companies have not been compelled to disclose that they have been hacked and that personal financial and other data has been compromised. Many organisations seem to have worked on the premise that if they say nothing the whole thing will go away eventually.
But that’s about to change. From February 23 2018, organisations will have to inform the Office of the Australian Information Commissioner and any affected individuals of an ‘eligible data breach’.
This means that putting safeguards in place and having a crisis communication and management plan to cover this eventuality is a must.
As Uber has found, trying to cover up a breach can have a major impact upon reputation and the bottom line. I know many people who’ve cancelled their accounts to avoid the risk of their data being stolen once again. Will customers or drivers trust Uber in the future?
As PR practitioners, we’ve always recommended that our clients establish and maintain a working crisis communication plan to ensure key audiences like customers, employees, shareholders and the media are kept informed when disaster strikes. If your organisation doesn’t have one of these you need to get one.
How the cyber-crooks got hold of my personal credit card details is anyone’s guess. One thing I do know is that the breach will leave me without an operational credit card in the lead-up to Christmas. While that’s not necessarily a bad thing, it’s certainly inconvenient.