Poor incident response? Bad PR, Monday edition

新僵尸网络来了!全球超百万组织已被恶意感染 美国澳大利亚最严重
If you cant prevent a breach, cant you at least fake genuine concern?  You know, the At <blahblahblah>, we take your privacy and security very seriously bit?
Mark Flamme reports on a Key Bank breach where the banks response to notification of a problem is at least as problematic as the breach itself.
After a customer found himself with access to another customers complete history and details, he attempted to alert the bank.
“They told me, ‘Don’t worry. Just don’t worry.’ That’s all I can get out of them,” Brito said. “I sat on hold for 45 minutes for, supposedly, a supervisor who said, ‘Don’t worry. We’re taking care of it.’ I can look at a Connecticut man’s bank statements for the past 10 years. How is that a ‘don’t worry’ situation?”
The Sun Journal didn’t have any better luck. A call to a 24-hour hotline was answered by a representative who passed on a number for the Key Bank Corporate Headquarters Customer Complaint Resolution Department. Calls to that number, and to a third number for bank executive relations, were not answered.
A message left at the Complaint Resolution Department was not returned.
Read more on Sun Journal.
Now maybe the employee intended to be reassuring with the Dont worry, response, but that was unsatisfactory to the now-worried customers. Think about what you could say in that situation that might reassure a customer.
Thanks to the reader who sent in this item.



网络安全法在线讲解-《网络安全法》的突出亮点 https://v.qq.com/x/page/u0514qmyllg.html
横渡海峡如履平地 中国某船厂同时造5艘先进气垫船