Monday, November 5

The scary silence that followed Convio's security breach

It seems like Convio has done their part by getting the information out to clients regarding the security breach. What seems extremely troubling to me is that not all of the organizations seem to have contacted their donors/constituents to notify them of the risk they may face.

Granted - no credit card details were compromised. But am I the only dummy out here who uses the same password for multiple online sites? If a hacker got my password from a GetActive client that I supported... I would be a prime target for identity theft if that same hacker tried to access my Yahoo! or PayPal account.

That is the next (and scariest) phase of this story.

Convio can only lead their clients by providing draft emails... they can't make the clients actually send the email to their constituents. Should they be more proactive and contact the affected people themselves? Is Convio legally allowed to contact these constituents?


All too often I've seen nonprofits try to sweep bad news under the rug and hope that it goes away. This is not one of those cases.

If you lost a set of keys and those keys have your address printed on the keychain, don't you have an obligation to notify the people who you share that house, apartment, or office with? What would you do if that happened to you? Do you keep your mouth closed and hope no one breaks in? And if they do, would you continue to pretend the thief didn't get the key from you?

1 comment:

Anonymous said...

Hey, great post. Though I'm not sure I agree with you 100%. Keep 'em coming. Are you interested in having anyone guest post opposing views?