When It Comes to Data Breaches, Own Up to It

We all know that no company or organization wants to be portrayed in the media as “slipping on a bar of soap” when it comes to experiencing a data breach. The TJX breach story received more than 10,000 articles and countless amounts of coverage in the blogosphere. Of course, this is not a feel-good, evergreen story about what an amazing company TJX is — its about the victim of one of the largest data breaches of all time. Of course, the desire to avoid getting bad publicity does not trump the need for an organization to let the victims know that their personal data could be in the hands of criminals. Seems like a something we would learn in a 101-level business course, right? Treat the customer/employee/member with respect and do them no harm.

Well, the U.S. Navy did not get the memo. It took them 17 months to inform employees at the Naval Facilities Engineering Service Center in Port Hueneme, Calif., that their Social Security numbers had been inadvertently released. 17 months is a mighty long time. Check out full coverage of this Washington Post story here.

Retailer JC Penney took it to the next level and actually fought to keep its name secret during court proceedings related to the largest breach of credit card data on record. JC Penney was among the retailers targeted by Albert Gonzalez’s ring of hackers.

Both of these examples should remind all professionals about the consequences of not immediately addressing a data breach. You put your reputation, your business and your customers at risk. Is it really worth digging your head in the sand and hoping the problem will go away??