How to have good customer service (Verio) and poor customer service (Boston Globe).
When it was reported that The Boston Globe printed and distributed 240,000 of its subscribers’ credit card numbers (http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13764475.htm) (http://www.boston.com/news/local/massachusetts/articles/2006/01/31/globe_and_worcester_tg_customer_credit_info_mistakenly_released/?p1=MEWell_Pos2), it never occurred to me that I might be affected. But yesterday, we received a letter from The Boston Globe indicating that we may have been.
Compare and contrast the following two customer service letters. The first is from Verio, my ISP since 1997, the second is yesterday’s Globe letter. Verio (1) admits to a problem that is not it’s fault, (2) tells, in detail, what has been done to remedy the situation, and (3) gives me confidence that I can continue doing business with them. The Boston Globe, on the other hand (1) sort of admits to a problem that is it’s fault, (2) tells nothing about what has been done to remedy the situation (aside from giving me self-help info), and (3) gives me no confidence that I can continue doing business with them without having to worry that something like this (or worse) will happen again.
My favorite line from The Boston Globe letter is:
“Because the security of your private information is very important to us and because it is possible that your confidential data may have been unlawfully accessed, we are writing so that you may take steps to protect yourself from unauthorized use, fraud and identity theft.”
What about unlawfully disclosed by the Globe in the first place? Oh, that’s right, the security of my private information is very important to them. Somehow, I don’t get that feeling after reading this pseudo-apology of a letter.
What do you think? Comments are open. The full text of both letters (Verio and The Boston Globe) appears below.
Date: Fri, 3 Jun 2005 14:25:12 -0600 To: [DELETED] From: firstname.lastname@example.org Subject: Brief service interruption-6/3/2005 Dear Customer [DELETED]: On 03-JUN-2005 18:50 GMT (14:50 EST / 11:50 PST), some servers in our Dulles, VA Premier Data Center were down due to a DOS (Denial of Service) attack directed at the data center. The Verio Network Operations staff isolated the attack and restored network stability at approximately 19:00 GMT. This attack did not compromise the security of your server nor affect the data on your server, but did make the server inaccessible from the Internet. For your information, DOS (Denial of Service) attacks are caused by sending a massive amount of data towards one particular server. Such large data floods usually involve a malicious party hijacking multiple insecure machines across the Internet for use in relaying data. These insecure servers are then used to relay multiple data requests to many servers across multiple networks, which in turn redirect the requests to a single targeted host. This flood of traffic clogs the network and routers, creating an interruption in service. The perpetrator of these kinds of attacks is difficult to locate since the attack occurs across many servers within multiple networks. Unfortunately, due to the nature of the Internet and the fact that many servers on the Internet are vulnerable to be used as data relayers, there is a possibility that these types of attacks may continue to occur. If you have any questions or concerns regarding this matter, feel free to contact us. Here is a list of affected services: [DELETED] viaVerio Support Staff email@example.com
The Boston Globe February 2, 2006 Important Notice Regarding Your Personal Information Dear Subscriber: The Boston Globe and Worcester Telegram & Gazette are notifying you as one of our home delivery subscribers who pay by credit or bank card that certain customers' card numbers, along with the card expiration dates and customers' names, were inadvertently disclosed on the back of distribution slips distributed with newspaper Bundles that were sent to retailers and newspaper carriers in the Worcester area this past Sunday, January 29th. The Worcester Telegram and Gazette is also notifying their subscribers that certain bank routing information was also inadvertently released on some of these distribution slips. Bank or credit card data for approximately 212,000 customers may have been released and your personal information may have been among that data. The affected bundles were distributed to retail locations in the Worcester area and to Telegram & Gazette newspaper carriers. Representatives of the Globe and Telegram & Gazette have contacted as many of the retailers and carriers as possible to recover the distribution slips, although most slips are likely to already have been discarded. Because the security of your private information is very important to us and because it is possible that your confidential data may have been unlawfully accessed, we are writing so that you may take steps to protect yourself from unauthorized use, fraud and identity theft. We recommend that you contact your credit and bank card issuers to review your most recent card charges and bank account transactions. If you discover that unauthorized charges appear on your accounts, please contact your card issuer right away to request that your current account be closed and a new card be issued. As a further precaution, we also recommend that you place a fraud alert on your credit file. Specific information about protecting your credit lines and financial information is enclosed with this letter. Please review it closely. Because of the increasing number of incidents of identity theft in the United States, the Federal Trade Commission (the "FTC") has made available excellent advice on how you can protect yourself against such frauds. We recommend that you review the identity theft materials posted for consumers on the FTC's Web site, www.consumer.gov/idtheft/ and particularly, the posted copy of the FTC's booklet, "Take Charge: Fighting Back Against Identity Theft." You may also find similar useful information on the Office of the Massachusetts Attorney General's Web site, www.ago.state.ma.us/. SF/21654888.9 [PAGE BREAK] Law enforcement officials have been contacted and we will continue to closely monitor the situation. We have also contacted the four major credit card companies, American Express, Discover, MasterCard, and Visa, and the three principal credit reporting bureaus, Equifax, Experian and TransUnion, to advise them of the situation. Likewise, we are contacting the banks of affected subscribers, to the extent that your bank is known to us. In addition, we have adopted enhanced security measures to assure the confidentiality of customer information at both newspapers. We endeavor to provide our customers with the highest levels of customer service. To this end, we are reaching out right away to support those customers who may have been affected by this unfortunate incident: - We have set up a special number for you to call, 1-888-665-2644, should you have any questions about this incident or need additional information. - We would like to offer you a free credit monitoring service for up to one year to help you through this process, if you choose to access it. Please go to www.bostonglobe.com/bgcode and follow the instructions for registering for this service. If you do not have Internet access or are having problems registering, please contact us at the toll-free number above. Our sincerest apologies for any inconvenience or concern that this incident may have caused you. Your business is very important to us. Again, if you have further questions or concerns, please call us at 1-888-665-2644 so we can assist you. Sincerely, [SIGNATURE] Richard H. Gilman Publisher, The Boston Globe SF/21654888.9 [PAGE BREAK] Steps to take to protect your credit and identity Should you ever believe your identity has been stolen or that you are at risk of having your identity stolen, you can follow the Federal Trade Commission's ("FTC's") guidelines on protecting yourself against identity theft. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. First, you should contact your credit and bank card issuers as soon as possible to review your accounts for unauthorized charges or transactions. If there are unauthorized charges or if you otherwise believe that your card number has been taken by an unauthorized person, you should inform your card issuer on the phone and in writing that the charges were not authorized by you, and you should request that your current card account be closed and a new card issued in your name. You may wish to consider placing a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing credit accounts. Because creditors seek additional verification from you when a fraud alert is in place on your credit file, one effect of the fraud alert is that it slows the processing time for opening new accounts and making changes on your existing accounts. To place a fraud alert on your credit file, call anyone of the three major credit bureaus. As soon as one credit bureau processes your fraud alert, it will notify the other credit bureaus on your behalf to place fraud alerts. All three credit reports will be sent to you, free of charge, for your review. Equifax 1-800-525-6285 Experian 1-888-397-3742 Trans UnionCorp 1-800-680-7289 Even if you do not initially find any suspicious activity on your card accounts, credit reports and/or bank statements, the FTC recommends that you check your credit reports, card charges and financial statements regularly. Victim information sometimes is held for use or shared among a group of thieves at different times. Checking your credit reports, card charges and financial statements periodically can help you spot problems and address them quickly. Once a year you can obtain a free credit report by calling 1-877-322-8228 or going online to www.annualcreditreport.com. If you find suspicious activity on your accounts or have reason to believe that your personal information is being misused, please contact us at 1-888-665-2644 because it SF/21654888.9 [PAGE BREAK] may be necessary for you to file a police report and obtain a copy of that police report. Many creditors require the information the police report contains to absolve you of the fraudulent debts. You may also want to file a complaint with the FTC, which will be logged into its database of identity theft cases used by law enforcement agencies for investigations. To get free information or file a complaint with the FTC, you may call the FTC at 1-877382-4357, or use the complaint form at http://www.consumer.gov/idtheft/. SF/21654888.9