This blog covered the news of Convio's recent security breach closely. We noted that despite Convio's best efforts to notify all 92 nonprofits impacted by the hacker - it seems only a handful of nonprofits made the news public.
Today I came across three stories of the breach that told the story - all with a slightly different tone:
Roger Craver at The Agitator applauded Gene Austin, Convio's CEO, for prompt and open recognition and acknowledgement of problems - saying that it was a critically important part of the process of building trust. Roger even thought Austin "deserved a raise."
Compare that to Allan Benamer over at the Non-Profit Tech Blog who was not so gracious in giving Convio a "C-".
Convio gets that “C-” for the late disclosure and for not doing due diligence properly on their GetActive acquisition. However, Dave Crooke did a decent job of answering technical questions regarding the breach despite the fact that he did it on an e-mail list when he should have done it on the Convio site itself. However, Tad Druart, Convio’s Director of Corporate Communications, did a good thing by not only alerting the press but also the blogosphere. It was a calculated decision to be sure, but Tad probably tamped down on the level of blogging cattiness by the likes of yours truly and others.
I have to think Allan is referring to me as one of the others who might have been catty if Tad had not reached out to me to answer questions and offer official statements.
Finally, I thought it was interesting how the brief story on page 32 of the November 15th Chronicle of Philanthropy gave Gene Austin an opportunity to give the money quote... blaming the problem solely on the ghost of GetActive.
Despite the fact that roughly half of Convio's 1300 clients use the GetActive software, Austin told the Chronicle that he thinks the attackers may have focused on GetActive because, in the past, "Convio has put more investment in security than GetActive."