BreachExchange mailing list archives
Dairy Queen's silence on data breach could have 'corrosive effect' on consumer perception, crisis expert says
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 2 Sep 2014 18:04:19 -0600
http://www.bizjournals.com/twincities/news/2014/08/29/dairy-queens-silence-on-data-breach-could-have.html Two days have passed since Dairy Queen revealed that its stores may have been hit with a data breach that could put customers at risk of credit card fraud. So far, the company has not released any further information about the possible intrusion. The Edina-based restaurant chain hasn't said how many stores were affected, how widespread the breach could be or how long it may have lasted. Though its brief announcement included a statement that it is complying with an investigation into the matter, it did not indicate what else it may be doing to protect customers. There are no notifications to customers on the company's home page, its Twitter feed or Facebook page. Company representatives have not responded to requests for further comment. Crisis communications specialist Jon Austin said that, while the breach may not have a lasting impact on the brand, maintaining silence about the breach is the wrong approach. "There is some fraying that comes from this," Austin said. "They should provide answers not because any one of these [incidents] is fatal, but if happens over a long period of time or if it particularly mishandled it can have a corrosive effect on the relationship with consumers." Austin said that "a fairly standard corporate playbook" has evolved since the massive data breach at Target Corp. at the end of 2013. The best response is a proactive one, he said, which was exemplified by Supervalu Inc. regarding its own data breach this summer. On Aug. 15, the Eden Prairie-based grocery retailer and wholesaler disclosed the breach. Within 24 hours, the company had issued a full list of affected stores, along with information about the duration of the breach and what the company was doing in response. Supervalu also established a call center for concerned customers. By contrast, Dairy Queen issued a short statement about the breach only after KrebsOnSecurity blogger Brian Krebs reported an uptick in fraudulent credit card activity tied to a possible data breach at Dairy Queen stores in the Midwest and the South. The company said that the potential breach — which is connected to the "Backoff" point-of-sale malware that hit Target and Supervalu— might have affected a "limited number" of stores. Dairy Queen's task of assessing the potential damage may be complicated by its network of stores, which are owned by a wide variety of franchisees. But Supervalu, too, has to deal with multiple store chains and different ownerships. Jim Lukaszewski, another crisis communications consultant, said that a breach could be an opportunity to solidify the company's bond with consumers, if handled in a transparent and timely way. "There's very little risk to the company in announcing it, but there is sometimes a management mentality that 'We'll wait until someone makes us,'" Lukaszewski said. "The worst that can happen you empower people to protect themselves."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Dairy Queen's silence on data breach could have 'corrosive effect' on consumer perception, crisis expert says Audrey McNeil (Sep 05)