Poor incident response? Bad PR, Monday edition
If you can’t prevent a breach, can’t you at least fake genuine concern? You know, the “At <blahblahblah>, we take your privacy and security very seriously” bit?
Mark Flamme reports on a Key Bank breach where the bank’s response to notification of a problem is at least as problematic as the breach itself.
After a customer found himself with access to another customer’s complete history and details, he attempted to alert the bank.
“They told me, ‘Don’t worry. Just don’t worry.’ That’s all I can get out of them,” Brito said. “I sat on hold for 45 minutes for, supposedly, a supervisor who said, ‘Don’t worry. We’re taking care of it.’ I can look at a Connecticut man’s bank statements for the past 10 years. How is that a ‘don’t worry’ situation?”
The Sun Journal didn’t have any better luck. A call to a 24-hour hotline was answered by a representative who passed on a number for the Key Bank Corporate Headquarters Customer Complaint Resolution Department. Calls to that number, and to a third number for bank executive relations, were not answered.
A message left at the Complaint Resolution Department was not returned.
Read more on Sun Journal.
Now maybe the employee intended to be reassuring with the “Don’t worry,” response, but that was unsatisfactory to the now-worried customers. Think about what you could say in that situation that might reassure a customer.
Thanks to the reader who sent in this item.