Businesses today are at a big disadvantage in trying to combat data breaches, as there are so many ways that they can happen. Sometimes, they can originate from outside hacking groups. Or, they can come from malevolent internal actors. Other times, they can happen by mistake.
Just recently, for instance, news broke about a phone company whose customers received an email asking for a copy of their driver’s license. The purpose of the email was, supposedly, to verify their address — a move that the company deemed necessary to prevent fraud.
As is to be expected, many customers replied and provided the company with their personal data after they were solicited. But there was a problem: Responses were sent to every other recipient who had received the original notification.
According to The Verge, this was no phishing scam. Rather, the data breach was due to an email misconfiguration. The email did in fact come from the phone manufacturer, but it was sent as a group email. So when customers replied, they did so without knowing that they were sending their sensitive personal data to every other recipient on the list.
Unfortunately, there is little that the company can do to rectify this situation. It remains to be seen whether a class action lawsuit will be filed against the company, or whether the company will attempt to settle the case individually. It’s not clear exactly how many customers were impacted, or whether any of the misplaced data was used in a harmful way.
What is clear, though, is that there will be some sort of negative repercussion for this company. If nothing else, the company now has to live with a tarnished reputation. It’s hard to imagine that customers will be pleased about this error. And some may now be questioning whether they want to continue doing business with this organization.
So, what could have been done to prevent this situation? It comes down to being careful. This was a simple mistake that was not caught, and wound up leading to a data breach.
Here are some tips as to how you can avoid this issue:
Use experienced agents: Always make sure that the people who are managing your day-to-day customer needs are experienced and of the highest quality. Simply put, hire agents that know what they are doing and will be less likely to make small and careless mistakes.
Have employees double check their work: Encourage your contact center employees to work smarter, not faster. Rather than rush to complete a task and hit quota, have them slow down and double check their work. Asking employees to think through problems rather than rush them or dash them off could go a long way in preventing costly errors.
Avoid using email lists for sensitive requests: If possible, avoid asking to verify identities using an outdated or inefficient platform like email. Instead, ask customers to securely log into your website and verify the data themselves. It’s much safer this way.