In our line of work, we regularly read, review, and help prepare breach disclosure announcements. So when we came across Quora CEO Adam D’Angelo’s post about their recent data breach, we were impressed. Oftentimes, these notices leave many questions unanswered. It’s safe to say that D’Angelo went above and beyond in his explanation, which took the form of ‘Frequently Asked Questions‘, indirectly serving to maintain the site’s brand. There are several components of the notice that organizations of any size can learn from in the event that they find themselves facing the aftermath of a cyber incident:
- The notice came directly from the CEO. Regardless of whether or not he actually authored it, this simple action conveys a sense of how important the issue is to Quora.
- Timely disclosure. The company became aware of the incident on November 30th, 2018 and had released a public statement 3 days later.
- Quantifying impact & updating as new information becomes available:
- Who was affected
- What was accessed
- What you should do
- What were’re doing
- Invalidating compromised credentials and forcing a password reset.
- Providing a link to download you data from the site as well as pointing out how to delete your information and account; the message was loud and clear: ‘we understand if you don’t trust us anymore.’
- An explanation that the identities of anonymous posters – arguably the site’s most important feature – were not exposed in the breach.
- Lastly, Quora’s word choice was commendable: the company opted to use the term ‘attacker’ rather than the more commonly misused ‘hacker’.
While we’ll do everything we can to ensure you never need them, our public relations specialists can help preemptively prepare breach disclosure announcements.
Gotham Sharma is a cybersecurity advisor, educator, mentor, speaker, and trainer. He presently serves as the Managing Director of the Exeltek Consulting Group, and has been nominated for the ‘Cybersecurity Educator of the Year’ award. If you enjoyed this article and others like it, you can vote here.