Thursday, November 15

Coverage of Convio security breach varies

This blog covered the news of Convio's recent security breach closely. We noted that despite Convio's best efforts to notify all 92 nonprofits impacted by the hacker - it seems only a handful of nonprofits made the news public.

Today I came across three stories of the breach that told the story - all with a slightly different tone:

Roger Craver at The Agitator applauded Gene Austin, Convio's CEO for prompt and open recognition and acknowledgement of problems - saying that it was a critically important part of the process of building trust. Roger even thought Austin "deserved a raise."

Compare that to Allan Benamer over at the Non-Profit Tech Blog who was not so gracious in giving Convio a "C-".

Convio gets that “C-” for the late disclosure and for not doing due diligence properly on their GetActive acquisition. However, Dave Crooke did a decent job of answering technical questions regarding the breach despite the fact that he did it on an e-mail list when he should have done it on the Convio site itself. However, Tad Druart, Convio’s Director of Corporate Communications, did a good thing by not only alerting the press but also the blogosphere. It was a calculated decision to be sure, but Tad probably tamped down on the level of blogging cattiness by the likes of yours truly and others.
I have to think Allen is referring to me as one of the others who might have been catty if Tad had not reached out to me to answer questions and offer official statements.

Finally, I thought it was interesting how the brief story on page 32 of the November 15th Chronicle of Philanthropy gave Gene Austin an opportunity to give the money quote... blaming the problem solely on the ghost of GetActive.

Despite the fact that roughly half of Convio's 1300 clients use the GetActive software, Austin told the Chronicle that he thinks the attackers may have focused on GetActive because, in the past, "Convio has put more investment in security than GetActive."


abenamer said...

I've updated my blog to reflect the fact that Convio has changed their website to include an online alert.

By the way, I wouldn't go so far as Roger Craver did in suggesting Gene Austin deserved a raise. I'm actually more embarrassed for Mr. Craver that he would suggest such a thing. I don't usually step on marketing people's shoes when it comes to brand identity and they certainly don't have the chops to talk about security breaches. If Mr. Craver had actually spent time trying to understand the issue and what really happened, he wouldn't be so sanguine about it.

"a fundraiser" said...

I really like Roger... but I gotta agree. I was surprised to see him heap such praise on the response without asking more questions about the condititions that allowed it to happen or what the negative impacts will be down the line.

Anonymous said...

Many thanks.