Question

The following poorly written e-mail tells customers that their e-mail addresses have been hacked. However, the message is clumsy and fails to include essential information in revealing security breaches to customers.

Your Task. List at least seven weaknesses Revise this message using the suggestions you learned in this chapter about security breach messages.

To: Kara Khalial [[email protected]] From: Justin Small [[email protected]]

Subject: Customer Security Incident at Princeton Payment Systems Cc: Bcc:

Companies and individuals across the country are experiencing more and more security breaches. This email is because of a recent unfortunate security breach at Princeton Payment Systems. However, as a customer of Princeton, your privacy was never at risk. We promise to guard your privacy around the clock. Hackers last week were able to exploit a new function that we were trying to use to make the customer log-in process faster for you and our other customers.. You should be aware of scams that may result from your address being used in phishing scams. To learn more, go to http://www.fdic.gov/consumers/consumer/alerts/phishing.html. To provide even more information about this incident, the U.S. postal service will bring you a letter. Taking your privacy very seriously, e-mail addresses are heavily protected here at Princeton. Within hours of the hacker break-in, the log-in mechanism was disabled and a new procedure was established. The user is now required to enter their e-mail address and their password before they can log in successfully. E-mail addresses were the only information the hackers got. Other information such as account information and other personal information were never risked. We appreciate you being a Princeton customer. Sincerely,

Answer 1

1. Email address is confidential and should be protected by customers at any cost as it possess various information.

2. The new function that we are planning to implement has been exploited by hackers and may be used to cause security issues so the customers can actually protect their email accounts by changing their passwords.

3. As we prioritize security so within hours of the issue care was taken to protect the email address of employees.

4. The new functionality was removed and a different mechanism was introduced so that hackers fail to penetrate.

5. The hackers got details of the email address of the customers but not any other information

6. Customers may receive Spam and phishing mails so it is better to re verify mails from untrusted sources.

7. The details of the customers are safe at Princeton and such incidents will not be repeated which actually cause issue in maintaining security.