Oops, we’ve been hacked and unfortunately the cyber thieves now have your personal details. Sorry about that.
Yep, that sums up the attitude towards customers of many Canadian companies, along with assorted other national and provincial organizations, after their various doughnut-shaped security systems proved about as watertight as the Titanic, following its unscheduled meeting with a rather large North Atlantic iceberg.
It’s a disgrace and one that will remain so until substantial punitive penalties are imposed upon those same outfits that constantly place customers’ privacy on par with changing the company clocks a couple of times each year.
If naively imagining this debacle doesn’t involve you then try one of those websites where folk can simply enter an e-mail address to discover if such personal information has indeed been hacked. But be warned: the results are usually quite frightening; so much so that if you manage to escape with just a couple of cyber privacy invasions then count yourself fortunate. Many of us need both sets of fingers to count the abuses.
What makes this lackadaisical attitude even more galling is it’s almost impossible to carry out any transaction, no matter how picayune, with any organization online before first having to fill in those dreary boxes asking you for information you probably wouldn’t even tell your mother – if she were rude enough to ask.
Try buying anything, anywhere from anyone and before you get to the payment page you must provide all this needless personal data. You can’t simply buy a concert ticket, for example, without joining some mind-numbing subscriber list, ensuring marketing messages from here to eternity. It’s close to impossible to get digitally served these days without running this perpetual gauntlet.
But then, after holding you hostage to gather such personal information so they can subsequently try and flog you yet more stuff not actually wanted for as long as you draw breath, they blithely employ security systems, supposedly designed to protect those coerced details, that may as well announce to hackers everywhere: Come on in. We’re open for business.
Then, when those happy hackers have merrily availed themselves of this invitation those same companies have a mea culpa moment. Oh dear, we shall be moving to new servers, we shall be employing a top-notch cyber security team, and we shall be compensating you a thousand dollars for this dreadful loss of privacy. (Come on, you didn’t really believe that last bit, did you?)
Except, if such customer compensation did become the norm it would very quickly ensure these same outfits would soon be ahead of the hackers’ game, not waiting until they are victims before hiring that top-notch digital security head honcho, but instead making that position as important and as compensated as the company’s senior bean counter.
But today all that’s required is an: ‘oops, we’re sorry’ statement as punishment for such desultory behaviour.
Look no further than one of Alberta’s leading energy companies, Suncor. Its Petro-Points gas station membership list was hacked.
Customers received the usual lame apology afterwards, along with the standard blather about increased security going forward – yet more closing of barn doors after the horses gallop off into the distance.
Of course, the experience was a corporate embarrassment: “I'd rather have a root canal than go through one of these attacks again,” is how Suncor boss Rich Kruger described it.
But Kruger should be careful what he wishes for. Not if he values his own privacy.
A recent data breach by the organization administering the province’s public dentistry program allowed the personal information of 1.47 million Albertans to be compromised.
Of course, it’s sorry, too.