For any of you avid shoe lovers out there who are subscribed to TOMS Shoes email list, you may well have seen the following message appear in your inbox last week:
Prior to this, a hacker (who called themselves Nathan) had sent several emails to subscribers of TOMS Shoes, which you could clearly tell were not legitimate.
The content of the emails were not nasty, in fact quite the opposite. The hacker sent out advice, which read:
Hey you, don’t look at a digital screen all day, there’s a world out there that you are missing out on. 🙂
TOMS Shoes were quickly alerted to this hack due to their customer base inundating them with tweets about the suspicious emails. However, the length of time it took the company to respond to their concerned customers was not great. It took them several hours to announce the hack, and the only advice they gave them was to not click any links they were sent. No mention of changing passwords for their TOMS accounts.
Whilst it was positive that they acknowledged the data breach to their customers, it should have been much quicker. People were very concerned about what was going to happen to their personal data, and how they were conforming with the GDPR.
Things to note as a business owner
Of course the main issue here is that a hacker was even able to access the email list that TOMS Shoes holds on their system. We have previously put together ways in which you can prevent a data breach, starting with creating secure passwords.
- Inform both the ICO and your customers
The next thing is that you shouldn’t wait to find out about a data breach from your customers themselves. TOMS didn’t appear to provide any information regarding when they realised there had been a breach of their system. It seems their customers jumped straight onto social media to announce it for them!
- Showcase your customer service
Your marketing team should be covering all aspects of social media, and creating an email campaign to follow up this hack. Timing is important here. The email from TOMS stating their systems had been hacked was sent out 2 days after the initial breach. Which just isn’t quick enough. As soon as you are aware of the hack, you should be notifying your customers and reassuring them you are doing everything you can to get to the bottom of the hack.
- Put a timeline together
Rather than just saying ‘there will be ongoing investigations’ as TOMS have done, it is best if you can be clearer about the timescales for your customers. Put yourselves in their shoes. If your data had been accessed by hackers, you would want to know the measures the company is taking to rectify the situation. As well as how the company are going to protect your data better in future.