On August 20th, we brought you the story of Monster.com losing 1.6 million customer records when administrator-level accounts were compromised. It has now been revealed that Monster waited 5 days before sending letters to the affected customers on August 21st informing them of the situation. The problem is that the customers were exposed to a fraudulent email which appeared to be from Monster. If they had been notified of the issue sooner, the vast majority of them might never have opened the email and downloaded the virus it contained.
Monster waited to send out the letter because they thought they could contain the inevitable PR disaster, but they have instead attracted even more negative attention. If handled properly, some data leaks never need to become public knowledge, but ones of this scale need to be handled by notifying the affected people ASAP.
It is a good bet that Monster did not have a policy in place beforehand to deal with this type of situation, so when it happened they inevitably mishandled it. Companies need to have policies and procedures in place for handling all different sizes of information leaks before they happen. They need to know when they can handle the situation quietly behind the scenes, and when the public has to be notified. Now, in addition to dealing with the damage caused by the original information leak, Monster has to handle the additional scrutiny for waiting so long to tell people.
I received a letter from Monster.com just today apologizing about this security leak.