Sending out breach notifications is a difficult process. Do you send out emails to every customer, even those that aren’t affected? Or just to the ones that are part of the breach? Your customers might get these emails in their spam folder or ignore them. Maybe it is better to send out postal letters. I have noted several breaches this week and show the different approaches taken, from Macy’s and ExxonMobil to Timehop. The latter was the most specific about what happened, why it happened, and what they are doing about the breach. Timehop also placed a banner notice on the top of its homepage to make sure as many people as possible saw it, so kudos to Timehop for its transparency.
-- David Strom, editor of Inside Security