How Devastating Was the LivingSocial Security Breach?
Talk about a bad deal. An e-mail from LivingSocial CEO Tim O’Shaughnessy on Saturday advised customers that a cyber attack on the company’s computer systems led to unauthorized access to some customer data, including names, e-mail addresses, dates of birth and encrypted passwords.
Some 50 million customers in North America, Latin America, the U.K., Ireland, Australia, New Zealand, Malaysia and Southern Europe were affected by the attack.
Not affected, according to Mr. O’Shaughnessy, was the database storing credit card information and Facebook information for those who connect to LivingSocial through the social media site.
"The security of your information is our priority," he wrote. "We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future."
Not all were assuaged by the LivingSocial CEO’s assurances.
"In light of recent successful widespread attacks against major social networking sites, it’s obvious that these providers are simply not doing enough to protect their customers’ information," George Tubin, senior security strategist at Trusteer, told Reuters.
LivingSocial, the number two daily deal site to Groupon, is partly owned by Amazon.com. The e-tailer, which has a 29 percent share in LivingSocial, invested $56 million in the company in the first quarter.
Discussion Questions
Will the recent breach of LivingSocial’s systems have an effect on its business? Do you agree with the assessment that companies such as LivingSocial are “not doing enough” to safeguard consumers’ information?
It seems this topic has become our bi-weekly discussion point. This time it’s living social, last time it was Schnucks, next time… ?
In the grab for data and money, many companies are far from doing their due diligence and keeping data as secure as possible. They seem to be focused on their interests and not those of their customers. While there will never be 100% security, many many companies need to budget and ramp up security either in house or via 3rd party experts. If they’re not doing enough on the security side of customer care, it also makes you wonder how concerned/careful they are with how they use/share data internally or with 3rd party vendors.
Data breaches happen either through social engineering or computer hacking. In this case, other than Date of Birth, hackers routinely get the same type of information by hacking personal Yahoo email accounts.
I feel the answers to these two questions are quite simple:
1. Yes a breach like this will have an effect, especially since it included information like birth date and passwords.
2. If the criminal element is getting smarter and smarter, companies are going to need to do more to protect data and accounts on the web.
3. On the reverse side, it is amazing what the public gets used to and is willing to accept. They seem to be forgiving of almost anything that happens to them on the web.
So I’m a LivingSocial customer, and I received the email. What’s interesting to me is that my account was created using Facebook’s credentials. So there was no password or user name to steal. Does that make me feel any better? Absolutely not! It just raises more questions. Who has the data associated with my account? LivingSocial or Facebook? Would hackers be able to access my birthday—captured by Facebook—if I authorized LS to access my FB profile? I have no idea.
Whenever there is a security breach, not only does it affect the retailer/merchant, it also impacts others. As we become more and more dependent and continue to use the technology available to us to transfer sensitive information, be it for online purchases, credit applications, etc., there will be concern from the customer.
The bottom line is this is a confidence issue. There are steps consumers can take, by purchasing identity theft protection. There are also steps the merchant can take, by insuring that the data is protected and they they are insured against any breaches.
Companies like AllClear work with merchants to create confidence at the “friction point,” which is where the customer has to share their sensitive and personal information. AllClear works with the merchant to give the customer confidence that they can share that information because the company is protecting them from a breach.
I know plenty of people that have a low confidence level when it comes to sharing information online or even over phone with a company’s representative.
The point is that with new technology, comes opportunity. The opportunities fall in convenience and enhancements for customers and merchants. And, unfortunately these new opportunities also give the criminals another place to commit their crimes. Until we come up with stronger preventative measures, whenever a major breach takes place, it not only has an effect on the company, but the entire industry.
This should be an excellent test of David’s (and others) theory that “all press is good press.” After all, how many of us would give any thought to LS but for this—being second to Groupon sounds little better than being second to Western Union at this point—but perhaps they can give a positive spin on things (“50 million were affected worldwide, but 7 billion weren’t!”).
Are companies doing “enough”? Given that the technology changes weekly…daily…hourly… (it’s changed just while I’ve been writing this), they could always “do more,” so strictly speaking, no they aren’t…and they never will be.
It would appear that a number of sites just have’t gotten the message. Cybersecurity is no longer a necessary evil; it’s the lifeblood of online companies. It’s distressing that customer-facing businesses continue to bet their existence while cheating on their own security.
If a firm is going to gather private or semi-private information about the consumer, they have to diligently guard against compromising the consumers’ privacy.
This is a tit for tat expectation that the consumer rightfully holds.
It’s a slippery slope to loss of confidence in trust should a firm breach that confidence. Depending upon what information that is compromised, the costs in time to correct, and potentially in hard assets could be devastating or cataclysmic.
These breaches are indeed becoming too common and reflect not only inadequate security, but also the increasingly value of customer data. This will always have a business impact and it should, namely raising the bar on data security. At the same time, these breeches will have a larger and larger impact on how consumers will increasingly opt-out when companies are not responsible with their data. This is not just a LivingSocial issue, but rather one for all consumer marketers.