Wednesday, June 9, 2010

AT&T pays steep price for data breach silent treatment

The unraveling of AT&T's fortress of silence since Gawker revealed a monumental security break of 114,000 high level iPad owner e-mail addresses is instructional on many levels.

Hackers exploited a security hole on AT&T's web site, informed the telecommunications giant about the problem, and the hole was closed. After being ignored by much of the mainstream media about this discovery, the hackers tipped off Gawker who went live with the story.

Apple didn't respond to any press queries, instead punting to their partners at AT&T, who gave a rather self-incriminating and not particularly convincing statement. It seems a "business customer" contacted them on Monday about his iPad ID being exposed, the issue was "escalated" to "its highest levels" and corrected by Tuesday.

Except today is Wednesday.

In other words, AT&T seems to have gambled that no word of this breach was going to reach the press. A risk they have clearly lost. An inadvisable risk because once they decided to give the silent treatment, there was a good chance they'd lose control of their own story.

Did they think the hackers were not going to tout their accomplishment to the press? According to Forbes, the group immediately contacted Reuters, NewsCorp. The Washington Post and The San Francisco Chronicle. When none of them bit, they shrewdly went to Gawker. That only took, oh, a couple of days max.

Now AT&T has to back paddle, using one of corporate America's favorite PR phrases when they've screwed up: "We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted."

Perhaps it would have been smarter for AT&T to have cut the hackers off at the pass and come out publicly on Monday or Tuesday explaining the incident, how it was handled swiftly, and that there was no fallout. The opportunity was there to take control of the story before somebody else ran with it skewed to their own taste.

Instead, AT&T is chasing a train that left the station without them and issuing statements to anybody who will listen.

No comments: