This is Not a Game You Want to Play In - Customer Information Stolen by Hackers


I just simply cannot believe that yet another corporate giant has had its customer data stolen by hackers. It’s the biggest one ever – more than half a billion account details were “stolen” from Yahoo at the last news broadcast that I heard. Together with the recent MySpace, eBay, LinkedIn, Sony, AOL and many other breaches of data, this brings the total number of accounts affected to almost two billion. What’s worse is that some of these companies claim that the theft happened two years previously. It’s no wonder we are all getting spammed and phished too regularly!

To make things worse, what happened in most of these cases is not that a name and email address were stolen, but things like telephone numbers, dates of birth, identity numbers, secure encrypted passwords, questions about favourite teachers or dogs’ names, and the personal information, hobbies, interests and habits of each user. In some (but not all) cases, banking and credit card details were also compromised. Two billion times! Some hackers have now even come up with a bold plan – months after getting your information, they hack into your computer, and download all your data so that you are left with nothing on your hard drive. The next thing you hear is an emailed ransom note telling you that unless you pay $500 today, you lose everything. And tomorrow the price goes up to $1000.

What really gets to me, however, is that most of these companies are in the IT world. They don’t farm potatoes, nor do they manufacture plastic toys, nor do they run hotels. No, their living is made from computers and software, for goodness sake. They sell us a level of competence and skills which most of us are actually clueless about.

And now they expect us to trust them? They cannot be trusted – in spite of all the reassurances that, “We will never share your personal information with others.” Yeah… right. And clouds are also safe. Gimme a break – do you think I’m stupid or something?

Like with most other corporate embarrassments, the apologies are laughable. Since Yahoo’s is the most recent, I’ll selectively quote from their letter to users: “A recent investigation has confirmed… that a copy of certain user account information was stolen… by what it believes was a state-sponsored actor… Yahoo is notifying potentially affected users and has taken steps to secure their accounts. These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account…” (The words “state-sponsored actors” appear at least four times in their statement, but the words “sorry” and “apologise” are not even used once. Not even once.) They don’t express any regret at all, even though they openly admit to now, years later, shutting the gate after the horse has bolted. Too little, too late, and very, very arrogant.

They then go into making suggestions and recommendations about what their customers must check, change and take urgent action upon to fix this problem – a time-consuming event which is probably at least 30 minutes’ work for just one website. So they screwed up, blamed others but not themselves, did not even bother to apologise, and then dumped the problem squarely on my lap.

Of course, it’s not only the IT industry that is guilty of this. Banks, cell phone companies, short-term insurance, airlines, motor vehicle manufacturers and many other giants are also very clever about doing exactly the same to their customers – and then lie and cheat and intimidate to avoid problems. It’s no wonder that the trust has been eroded – we don’t even trust the news anymore.

But what these companies don’t realise is that customers may seem powerless and forgiving, but their memories are long. (To tell you the truth, I believe that as customers we often get the experiences that we deserve because we allow companies to get away with things like this.) If we assume that most purchases – even in the business-to-business world – are made mostly (or in part) emotionally, then when there is disappointment, betrayal, anger and even disgust with a company, everything changes in the relationship. And most importantly, when customers feel this way, their loyalty turns into a sense of emptiness and indifference towards your company - or worse.

They often feel a need for revenge, and they do this not only by withdrawing their current and future business, but through other actions: they don’t pay their accounts on time; they tell as many other people as will listen via word of mouth, the social media and traditional media; they actively discourage others from doing business with you; they abuse your staff, your property, your equipment, and your systems; they threaten - and in some cases actually take - legal action, or get authorities and legislative bodies involved; and the few who do complain are aggressive, unreasonable and unforgiving.

These actions, in turn, have their own consequences: as your company’s reputation takes a dive, you need to do more PR and spin-doctoring; your marketing and sales costs shoot through the roof (and customers don’t believe your marketing messages anyway); you inevitably start losing market share and have to start taking desperate measures like cutting prices and paying greater commissions; staff are demoralised and demotivated, and your best people leave first; you have to spend money to investigate and recover from customer unhappiness, and all transactions now become non-routine; and your competitors just love it all, and use the vulnerable position of your company to take advantage.

It’s all so unnecessary – and expensive. And it’s mostly completely avoidable and preventable. The question is: Are your company’s executives, managers, staff and shareholders happy to pay the price of these shoddy practices? I know that I don’t have a Yahoo account anymore.