An Open Letter to George Friedman and Stratfor
29 Dec 2011
Mr. George Friedman,
As one of Stratfor's Free Intelligence Report subscribers, I received an e-mail message from you expressing your "deep regret (that) an unauthorized party illegally obtained and disclosed personally identifiable information and related credit card data of some of our paying subscribers." Your email went on to request feedback from me and your other subscribers about "this situation". Here's my response.
You clearly want to restore confidence among your customers and potential customers after a breach occurs. Your email was unsuccessful in doing that for two main reasons:
Instead of addressing these two critical challenges to your competence as a web-based business and provider of intelligence analysis, you've chosen to offer me one year of consumer identity protection services and pledged to continue sending me your free Security and Geopolitical weekly reports (which I've been unable to get you to stop sending me for well over a year). I hope that you can now see how ludicrous your attempt to restore my confidence is and instead will make a more sincere effort to 1) acknowledge what you did wrong, 2) apologize for it, and 3) tell me what you're going to do differently so that it won't happen again.
Sincerely,
Jeffrey Carr
CEO, Taia Global, Inc.
Author, "Inside Cyber Warfare" (O'Reilly Media 2009. 2011)
Mr. George Friedman,
As one of Stratfor's Free Intelligence Report subscribers, I received an e-mail message from you expressing your "deep regret (that) an unauthorized party illegally obtained and disclosed personally identifiable information and related credit card data of some of our paying subscribers." Your email went on to request feedback from me and your other subscribers about "this situation". Here's my response.
You clearly want to restore confidence among your customers and potential customers after a breach occurs. Your email was unsuccessful in doing that for two main reasons:
- You failed to address why your customer credit card numbers weren't encrypted. This is probably the most serious aspect of your breach.
- You failed to disclose how the breach occurred. Anonymous is known for discovering simple website vulnerabilities and exploiting them. I'm guessing that that was the case for you, which means that there's an issue with your own risk assessment capabilities.
Instead of addressing these two critical challenges to your competence as a web-based business and provider of intelligence analysis, you've chosen to offer me one year of consumer identity protection services and pledged to continue sending me your free Security and Geopolitical weekly reports (which I've been unable to get you to stop sending me for well over a year). I hope that you can now see how ludicrous your attempt to restore my confidence is and instead will make a more sincere effort to 1) acknowledge what you did wrong, 2) apologize for it, and 3) tell me what you're going to do differently so that it won't happen again.
Sincerely,
Jeffrey Carr
CEO, Taia Global, Inc.
Author, "Inside Cyber Warfare" (O'Reilly Media 2009. 2011)
Comments
Post a Comment