Wednesday, March 28, 2012

How many paragraphs would you write?

If you aren't already familiar with this case, the geopolitical analysis group Stratfor was hacked towards the end of last year and subsequently lost:

  • 5 Million E-mails
  • 800,000 user password hashes
  • 76,000 credit card hashes

Note: For the novices among us, a hash means the data did not reside in plain text, but it's pretty close.

The CEO of Stratfor posted a 19-paragraph response on his website talking about the attack and what occurred afterwards. Essentially, his response was an attempt to repair some of the damage done to the company's user base and to take responsibility for the compromise of its security.

George Friedman, CEO of Stratfor, states:

"In early December I received a call from Fred Burton, Stratfor's vice president of intelligence. He told me he had received information indicating our website had been hacked and our customer credit card and other information had been stolen."

"We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files. This was a failure on our part. As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place. The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn't grow with it."

See Reference:

Put yourself in this situation as an IT Manager, Director, COO, CIO, or CEO.  How many paragraphs would you write to the public if your site had been compromised?
