How to have good customer service (Verio) and poor customer service (Boston Globe).
When it was reported that The Boston Globe printed and distributed 240,000 of its subscribers’ credit card numbers (http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13764475.htm) (http://www.boston.com/news/local/massachusetts/articles/2006/01/31/globe_and_worcester_tg_customer_credit_info_mistakenly_released/?p1=MEWell_Pos2), it never occurred to me that I might be affected. But yesterday, we received a letter from The Boston Globe indicating that we may have been.
Compare and contrast the following two customer service letters. The first is from Verio, my ISP since 1997, the second is yesterday’s Globe letter. Verio (1) admits to a problem that is not it’s fault, (2) tells, in detail, what has been done to remedy the situation, and (3) gives me confidence that I can continue doing business with them. The Boston Globe, on the other hand (1) sort of admits to a problem that is it’s fault, (2) tells nothing about what has been done to remedy the situation (aside from giving me self-help info), and (3) gives me no confidence that I can continue doing business with them without having to worry that something like this (or worse) will happen again.
My favorite line from The Boston Globe letter is:
“Because the security of your private information is very important to us and because it is possible that your confidential data may have been unlawfully accessed, we are writing so that you may take steps to protect yourself from unauthorized use, fraud and identity theft.”
What about unlawfully disclosed by the Globe in the first place? Oh, that’s right, the security of my private information is very important to them. Somehow, I don’t get that feeling after reading this pseudo-apology of a letter.
What do you think? Comments are open. The full text of both letters (Verio and The Boston Globe) appears below.
—snip—
Date: Fri, 3 Jun 2005 14:25:12 -0600 To: [DELETED] From: no-reply@viaverio.com Subject: Brief service interruption-6/3/2005 Dear Customer [DELETED]: On 03-JUN-2005 18:50 GMT (14:50 EST / 11:50 PST), some servers in our Dulles, VA Premier Data Center were down due to a DOS (Denial of Service) attack directed at the data center. The Verio Network Operations staff isolated the attack and restored network stability at approximately 19:00 GMT. This attack did not compromise the security of your server nor affect the data on your server, but did make the server inaccessible from the Internet. For your information, DOS (Denial of Service) attacks are caused by sending a massive amount of data towards one particular server. Such large data floods usually involve a malicious party hijacking multiple insecure machines across the Internet for use in relaying data. These insecure servers are then used to relay multiple data requests to many servers across multiple networks, which in turn redirect the requests to a single targeted host. This flood of traffic clogs the network and routers, creating an interruption in service. The perpetrator of these kinds of attacks is difficult to locate since the attack occurs across many servers within multiple networks. Unfortunately, due to the nature of the Internet and the fact that many servers on the Internet are vulnerable to be used as data relayers, there is a possibility that these types of attacks may continue to occur. If you have any questions or concerns regarding this matter, feel free to contact us. Here is a list of affected services: [DELETED] viaVerio Support Staff support@viaverio.com
—snip—
The Boston Globe
February 2, 2006
Important Notice Regarding Your Personal Information
Dear Subscriber:
The Boston Globe and Worcester Telegram & Gazette are notifying
you as one of our home delivery subscribers who pay by credit or
bank card that certain customers' card numbers, along with the card
expiration dates and customers' names, were inadvertently disclosed
on the back of distribution slips distributed with newspaper
Bundles that were sent to retailers and newspaper carriers in the
Worcester area this past Sunday, January 29th. The Worcester
Telegram and Gazette is also notifying their subscribers that
certain bank routing information was also inadvertently released on
some of these distribution slips. Bank or credit card data for
approximately 212,000 customers may have been released and your
personal information may have been among that data.
The affected bundles were distributed to retail locations in the
Worcester area and to Telegram & Gazette newspaper carriers.
Representatives of the Globe and Telegram & Gazette have contacted
as many of the retailers and carriers as possible to recover the
distribution slips, although most slips are likely to already have
been discarded.
Because the security of your private information is very important
to us and because it is possible that your confidential data may
have been unlawfully accessed, we are writing so that you may take
steps to protect yourself from unauthorized use, fraud and identity
theft. We recommend that you contact your credit and bank card
issuers to review your most recent card charges and bank account
transactions. If you discover that unauthorized charges appear on
your accounts, please contact your card issuer right away to
request that your current account be closed and a new card be
issued. As a further precaution, we also recommend that you place a
fraud alert on your credit file.
Specific information about protecting your credit lines and
financial information is enclosed with this letter. Please
review it closely. Because of the increasing number of
incidents of identity theft in the United States, the Federal Trade
Commission (the "FTC") has made available excellent advice on how
you can protect yourself against such frauds. We recommend that
you review the identity theft materials posted for consumers on the
FTC's Web site, www.consumer.gov/idtheft/ and particularly, the
posted copy of the FTC's booklet, "Take Charge: Fighting Back
Against Identity Theft." You may also find similar useful
information on the Office of the Massachusetts Attorney General's
Web site, www.ago.state.ma.us/.
SF/21654888.9
[PAGE BREAK]
Law enforcement officials have been contacted and we will continue
to closely monitor the situation. We have also contacted the four
major credit card companies, American Express, Discover,
MasterCard, and Visa, and the three principal credit reporting
bureaus, Equifax, Experian and TransUnion, to advise them of the
situation. Likewise, we are contacting the banks of affected
subscribers, to the extent that your bank is known to us. In
addition, we have adopted enhanced security measures to assure the
confidentiality of customer information at both newspapers.
We endeavor to provide our customers with the highest levels of
customer service. To this end, we are reaching out right away to
support those customers who may have been affected by this
unfortunate incident:
- We have set up a special number for you to call, 1-888-665-2644,
should you have any questions about this incident or need
additional information.
- We would like to offer you a free credit monitoring service for
up to one year to help you through this process, if you choose to
access it. Please go to www.bostonglobe.com/bgcode and follow the
instructions for registering for this service. If you do not have
Internet access or are having problems registering, please contact
us at the toll-free number above.
Our sincerest apologies for any inconvenience or concern that this
incident may have caused you. Your business is very important to
us. Again, if you have further questions or concerns, please call
us at 1-888-665-2644 so we can assist you.
Sincerely,
[SIGNATURE]
Richard H. Gilman
Publisher, The Boston Globe
SF/21654888.9
[PAGE BREAK]
Steps to take to protect your credit and identity
Should you ever believe your identity has been stolen or that you
are at risk of having your identity stolen, you can follow the
Federal Trade Commission's ("FTC's") guidelines on protecting
yourself against identity theft. The FTC works for the consumer to
prevent fraudulent, deceptive, and unfair business practices in the
marketplace and to provide information to help consumers spot, stop
and avoid them.
First, you should contact your credit and bank card issuers as soon
as possible to review your accounts for unauthorized charges or
transactions. If there are unauthorized charges or if you
otherwise believe that your card number has been taken by an
unauthorized person, you should inform your card issuer on the
phone and in writing that the charges were not authorized by you,
and you should request that your current card account be closed and
a new card issued in your name.
You may wish to consider placing a fraud alert on your credit file.
A fraud alert tells creditors to contact you before they open any
new accounts or change your existing credit accounts. Because
creditors seek additional verification from you when a fraud alert
is in place on your credit file, one effect of the fraud alert is
that it slows the processing time for opening new accounts and
making changes on your existing accounts.
To place a fraud alert on your credit file, call anyone of the
three major credit bureaus. As soon as one credit bureau processes
your fraud alert, it will notify the other credit bureaus on your
behalf to place fraud alerts. All three credit reports will be
sent to you, free of charge, for your review.
Equifax 1-800-525-6285
Experian 1-888-397-3742
Trans UnionCorp 1-800-680-7289
Even if you do not initially find any suspicious activity on your
card accounts, credit reports and/or bank statements, the FTC
recommends that you check your credit reports, card charges and
financial statements regularly. Victim information sometimes is
held for use or shared among a group of thieves at different times.
Checking your credit reports, card charges and financial statements
periodically can help you spot problems and address them quickly.
Once a year you can obtain a free credit report by calling
1-877-322-8228 or going online to www.annualcreditreport.com.
If you find suspicious activity on your accounts or have reason to
believe that your personal information is being misused, please
contact us at 1-888-665-2644 because it
SF/21654888.9
[PAGE BREAK]
may be necessary for you to file a police report and obtain a copy
of that police report.
Many creditors require the information the police report contains
to absolve you of the fraudulent debts.
You may also want to file a complaint with the FTC, which will be
logged into its database of identity theft cases used by law
enforcement agencies for investigations. To get free information
or file a complaint with the FTC, you may call the FTC at
1-877382-4357, or use the complaint form at
http://www.consumer.gov/idtheft/.
SF/21654888.9
