BreachExchange mailing list archives

Dairy Queen's silence on data breach could have 'corrosive effect' on consumer perception, crisis expert says


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 2 Sep 2014 18:04:19 -0600

http://www.bizjournals.com/twincities/news/2014/08/29/dairy-queens-silence-on-data-breach-could-have.html

Two days have passed since Dairy Queen revealed that its stores may have
been hit with a data breach that could put customers at risk of credit card
fraud. So far, the company has not released any further information about
the possible intrusion.

The Edina-based restaurant chain hasn't said how many stores were affected,
how widespread the breach could be or how long it may have lasted. Though
its brief announcement included a statement that it is complying with an
investigation into the matter, it did not indicate what else it may be
doing to protect customers. There are no notifications to customers on the
company's home page, its Twitter feed or Facebook page. Company
representatives have not responded to requests for further comment.

Crisis communications specialist Jon Austin said that, while the breach may
not have a lasting impact on the brand, maintaining silence about the
breach is the wrong approach.

"There is some fraying that comes from this," Austin said. "They should
provide answers not because any one of these [incidents] is fatal, but if
it happens over a long period of time or if it is particularly mishandled it
can have a corrosive effect on the relationship with consumers."

Austin said that "a fairly standard corporate playbook" has evolved since
the massive data breach at Target Corp. at the end of 2013. The best
response is a proactive one, he said, which was exemplified by Supervalu
Inc. regarding its own data breach this summer.

On Aug. 15, the Eden Prairie-based grocery retailer and wholesaler
disclosed the breach. Within 24 hours, the company had issued a full list
of affected stores, along with information about the duration of the breach
and what the company was doing in response. Supervalu also established a
call center for concerned customers.

By contrast, Dairy Queen issued a short statement about the breach only
after KrebsOnSecurity blogger Brian Krebs reported an uptick in fraudulent
credit card activity tied to a possible data breach at Dairy Queen stores
in the Midwest and the South. The company said that the potential breach —
which is connected to the "Backoff" point-of-sale malware that hit Target
and Supervalu — might have affected a "limited number" of stores.

Dairy Queen's task of assessing the potential damage may be complicated by
its network of stores, which are owned by a wide variety of franchisees.
But Supervalu, too, has to deal with multiple store chains and different
ownerships.

Jim Lukaszewski, another crisis communications consultant, said that a
breach could be an opportunity to solidify the company's bond with
consumers, if handled in a transparent and timely way.

"There's very little risk to the company in announcing it, but there is
sometimes a management mentality that 'We'll wait until someone makes us,'"
Lukaszewski said. "The worst that can happen is you empower people to
protect themselves."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
