Debriefing

Do-It-Yourself Disclosure

Dear [circle one: Sir or Madam/Valued Customer/Alumni and Friends/Ms. Hilton] ...

By Scott Berinato

June 01, 2005

CSO — (Your Logo Here)

Dear [circle one: Sir or Madam/Valued Customer/Alumni and Friends/Ms. Hilton],

We [circle one: regret to/feel it's our obligation to/are required by law to/hope you don't sue when we] inform you that we suffered a security breach [circle all that apply: last week/last month/last quarter/let's just say "a while ago"] on our computer systems. You can rest assured that we [circle one: have fixed/feel like we're close to identifying who might be able to help us figure out who to call to help us fix] the problem.

As a result of the attack by [circle one: underground/shadowy/foreign] hacking syndicates, some private information about you may have been [circle a few: compromised/misplaced/sold to identity thieves on the black market/auctioned off on eBay]. The personally identifying information that we lost may include your [circle all that apply: name/address/phone number/credit card number/Social Security number/tax return information/criminal record/PIN numbers/iPod playlists/peculiar affinity for Thomas Kinkade paintings/unfortunate incident in Guadalajara during college/cell phone number/car keys/voting history/American Idol voting history/health-care records/bank records/entire life savings].

Like we said, you can rest assured, we have taken several steps so that this kind of incident doesn't happen to us again.

Please contact [circle all that apply: the Social Security Administration/all three credit agencies/your bank/your health insurance provider/your HR department/your pastor or rabbi/old girlfriends you might have Googled recently/Guadalajara Mayor Emilio Gonzalez Marquez/the IRS/Thomas Kinkade].

[Circle one: Unfortunately,/We regret to add that/Our lawyers tell us that/Lucky for us,] we can't help you with any of this because it might spur [circle all that apply: class-action/shareholder] and frivolous lawsuits, which would prevent us from serving you as a valued customer in the future.

Please accept our [optional: sincere] concern for your situation for which we have no legal liability. Also, you wouldn't have to deal with this much [circle one: pain/material loss/correspondence] if California hadn't passed a law that [circle your favorite: with dictatorial rigor/quite unconstitutionally/evilly] forces us to inform you of the incident. If you don't want to deal with this again, consider calling your U.S. representative and lobbying to have the law [circle one: repealed/condemned to holy hell/shoved where the sun don't shine].

Sincerely,

[Your name/Your temporary CPO's name here]
