* Erik Says Verio Good, Boston Globe Bad

How to have good customer service (Verio) and poor customer service (Boston Globe).

When it was reported that The Boston Globe printed and distributed 240,000 of its subscribers’ credit card numbers (http://www.siliconvalley.com/mld/siliconvalley/news/editorial/13764475.htm) (http://www.boston.com/news/local/massachusetts/articles/2006/01/31/globe_and_worcester_tg_customer_credit_info_mistakenly_released/?p1=MEWell_Pos2), it never occurred to me that I might be affected. But yesterday, we received a letter from The Boston Globe indicating that we may have been.

Compare and contrast the following two customer service letters. The first is from Verio, my ISP since 1997, the second is yesterday’s Globe letter. Verio (1) admits to a problem that is not it’s fault, (2) tells, in detail, what has been done to remedy the situation, and (3) gives me confidence that I can continue doing business with them. The Boston Globe, on the other hand (1) sort of admits to a problem that is it’s fault, (2) tells nothing about what has been done to remedy the situation (aside from giving me self-help info), and (3) gives me no confidence that I can continue doing business with them without having to worry that something like this (or worse) will happen again.

My favorite line from The Boston Globe letter is:

“Because the security of your private information is very important to us and because it is possible that your confidential data may have been unlawfully accessed, we are writing so that you may take steps to protect yourself from unauthorized use, fraud and identity theft.”

What about unlawfully disclosed by the Globe in the first place? Oh, that’s right, the security of my private information is very important to them. Somehow, I don’t get that feeling after reading this pseudo-apology of a letter.

What do you think? Comments are open. The full text of both letters (Verio and The Boston Globe) appears below.

—snip—

Date: Fri, 3 Jun 2005 14:25:12 -0600 
To: [DELETED]
From: no-reply@viaverio.com 
Subject: Brief service interruption-6/3/2005 

Dear Customer [DELETED]:

On 03-JUN-2005 18:50 GMT (14:50 EST / 11:50 PST), some 
servers in our Dulles, VA Premier Data Center were down due 
to a DOS (Denial of Service) attack directed at the data 
center.  The Verio Network Operations staff isolated the 
attack and restored network stability at approximately 19:00 
GMT.  This attack did not compromise the security of your 
server nor affect the data on your server, but did make the 
server inaccessible from the Internet. For your information, 
DOS (Denial of Service) attacks are caused by sending a 
massive amount of data towards one particular server.  Such 
large data floods usually involve a malicious party 
hijacking multiple insecure machines across the Internet for 
use in relaying data.

These insecure servers are then used to relay multiple data 
requests to many servers across multiple networks, which in 
turn redirect the requests to a single targeted host.  This 
flood of traffic clogs the network and routers, creating an 
interruption in service.  The perpetrator of these kinds of 
attacks is difficult to locate since the attack occurs 
across many servers within multiple networks.  
Unfortunately, due to the nature of the Internet and the 
fact that many servers on the Internet are vulnerable to be 
used as data relayers, there is a possibility that these 
types of attacks may continue to occur.  If you have any 
questions or concerns regarding this matter, feel free to 
contact us.

Here is a list of affected services:

[DELETED]

viaVerio Support Staff
support@viaverio.com

—snip—

The Boston Globe

February 2, 2006

Important Notice Regarding Your Personal Information

Dear Subscriber:

The Boston Globe and Worcester Telegram & Gazette are notifying
you as one of our home delivery subscribers who pay by credit or 
bank card that certain customers' card numbers, along with the card 
expiration dates and customers' names, were inadvertently disclosed 
on the back of distribution slips distributed with newspaper 
Bundles that were sent to retailers and newspaper carriers in the 
Worcester area this past Sunday, January 29th.  The Worcester 
Telegram and Gazette is also notifying their subscribers that 
certain bank routing information was also inadvertently released on 
some of these distribution slips.  Bank or credit card data for 
approximately 212,000 customers may have been released and your 
personal information may have been among that data.

The affected bundles were distributed to retail locations in the 
Worcester area and to Telegram & Gazette newspaper carriers.  
Representatives of the Globe and Telegram & Gazette have contacted 
as many of the retailers and carriers as possible to recover the 
distribution slips, although most slips are likely to already have 
been discarded.

Because the security of your private information is very important 
to us and because it is possible that your confidential data may 
have been unlawfully accessed, we are writing so that you may take 
steps to protect yourself from unauthorized use, fraud and identity 
theft.  We recommend that you contact your credit and bank card 
issuers to review your most recent card charges and bank account 
transactions.  If you discover that unauthorized charges appear on 
your accounts, please contact your card issuer right away to 
request that your current account be closed and a new card be 
issued. As a further precaution, we also recommend that you place a 
fraud alert on your credit file.

Specific information about protecting your credit lines and 
financial information is enclosed with this letter. Please 
review it closely.  Because of the increasing number of 
incidents of identity theft in the United States, the Federal Trade 
Commission (the "FTC") has made available excellent advice on how 
you can protect yourself against such frauds.  We recommend that 
you review the identity theft materials posted for consumers on the 
FTC's Web site, www.consumer.gov/idtheft/ and particularly, the 
posted copy of the FTC's booklet, "Take Charge: Fighting Back 
Against Identity Theft." You may also find similar useful 
information on the Office of the Massachusetts Attorney General's 
Web site, www.ago.state.ma.us/.

SF/21654888.9

[PAGE BREAK]

Law enforcement officials have been contacted and we will continue 
to closely monitor the situation.  We have also contacted the four 
major credit card companies, American Express, Discover, 
MasterCard, and Visa, and the three principal credit reporting 
bureaus, Equifax, Experian and TransUnion, to advise them of the 
situation.  Likewise, we are contacting the banks of affected 
subscribers, to the extent that your bank is known to us.  In 
addition, we have adopted enhanced security measures to assure the 
confidentiality of customer information at both newspapers.

We endeavor to provide our customers with the highest levels of 
customer service.  To this end, we are reaching out right away to 
support those customers who may have been affected by this 
unfortunate incident:

- We have set up a special number for you to call, 1-888-665-2644, 
should you have any questions about this incident or need 
additional information.

- We would like to offer you a free credit monitoring service for 
up to one year to help you through this process, if you choose to 
access it.  Please go to www.bostonglobe.com/bgcode and follow the 
instructions for registering for this service.  If you do not have 
Internet access or are having problems registering, please contact 
us at the toll-free number above.

Our sincerest apologies for any inconvenience or concern that this 
incident may have caused you.  Your business is very important to 
us.  Again, if you have further questions or concerns, please call 
us at 1-888-665-2644 so we can assist you.

Sincerely,

[SIGNATURE]
Richard H. Gilman
Publisher, The Boston Globe

SF/21654888.9

[PAGE BREAK]

Steps to take to protect your credit and identity

Should you ever believe your identity has been stolen or that you 
are at risk of having your identity stolen, you can follow the 
Federal Trade Commission's ("FTC's") guidelines on protecting 
yourself against identity theft.  The FTC works for the consumer to 
prevent fraudulent, deceptive, and unfair business practices in the 
marketplace and to provide information to help consumers spot, stop 
and avoid them.

First, you should contact your credit and bank card issuers as soon 
as possible to review your accounts for unauthorized charges or 
transactions.  If there are unauthorized charges or if you 
otherwise believe that your card number has been taken by an 
unauthorized person, you should inform your card issuer on the 
phone and in writing that the charges were not authorized by you, 
and you should request that your current card account be closed and 
a new card issued in your name.

You may wish to consider placing a fraud alert on your credit file.  
A fraud alert tells creditors to contact you before they open any 
new accounts or change your existing credit accounts.  Because 
creditors seek additional verification from you when a fraud alert 
is in place on your credit file, one effect of the fraud alert is 
that it slows the processing time for opening new accounts and 
making changes on your existing accounts.

To place a fraud alert on your credit file, call anyone of the 
three major credit bureaus.  As soon as one credit bureau processes 
your fraud alert, it will notify the other credit bureaus on your 
behalf to place fraud alerts.  All three credit reports will be 
sent to you, free of charge, for your review.

Equifax 1-800-525-6285

Experian 1-888-397-3742

Trans UnionCorp 1-800-680-7289

Even if you do not initially find any suspicious activity on your 
card accounts, credit reports and/or bank statements, the FTC 
recommends that you check your credit reports, card charges and 
financial statements regularly.  Victim information sometimes is 
held for use or shared among a group of thieves at different times.  
Checking your credit reports, card charges and financial statements 
periodically can help you spot problems and address them quickly.  
Once a year you can obtain a free credit report by calling 
1-877-322-8228 or going online to www.annualcreditreport.com.

If you find suspicious activity on your accounts or have reason to 
believe that your personal information is being misused, please 
contact us at 1-888-665-2644 because it

SF/21654888.9

[PAGE BREAK]

may be necessary for you to file a police report and obtain a copy 
of that police report.

Many creditors require the information the police report contains 
to absolve you of the fraudulent debts.

You may also want to file a complaint with the FTC, which will be 
logged into its database of identity theft cases used by law 
enforcement agencies for investigations.  To get free information 
or file a complaint with the FTC, you may call the FTC at 
1-877382-4357, or use the complaint form at 
http://www.consumer.gov/idtheft/.

SF/21654888.9