Tag Archives: Wall Street Journal

Why Crisis Communications is Important

It used to be that large companies could control the news cycle.  Used to be, that is.

Now, with social media, in reality, no one is in control of the news cycle.

Dow Jones, the parent company of the Wall Street Journal,  whom you would think would know a thing or two about the news cycle, apparently has not sorted this out for itself yet.

So, what happened?

On May 30th, Upguard researcher Chris Vickery, who has been in the news on a regular basis lately due to his findings, found a dataset in the Amazon cloud with incorrect permissions on it.  The dataset contained Dow Jones customer information and due to this error, it was accessible for download by anyone who had an Amazon web services account – likely millions of people.  Vickery says that based on his analysis, he thinks data on around 4 million customers was exposed.   Dow Jones says that it wasn’t that bad;  their guess it that it only exposed data on 2.2 million customers.

For some reason, it took Dow Jones a week to change the permissions on this file.  A week.  Why did it take a week?  One possible reason might be tied to their head of communications explanation that this wasn’t really a big deal.  Just customer information.  Nothing to see, keep moving.

In this Amazon S3 bucket were multiple files.  Looking at the data, Chris found customer names, home and work addresses, Dow Jones account numbers,  account details, last four of their credit cards, email addresses and other information.  There were  many files in this bucket and Chris didn’t download all of them, so who knows what else was there.

Dow Jones said that is wasn’t a breach.   True, it wasn’t.  Then again no one said that it was a breach, only that people who should not be able to read the data could read the data.

Dow Jones called that a data over-exposure.  Well, certainly true – even though I have never heard that term used before.  Over-exposure is what happens when you stay out in the sun too long or set the controls on your camera incorrectly.  I have never heard anyone refer to leaking private customer information as a data over exposure.

Dow Jones Director of Communications Steve Severinghaus said that the data was over-exposed only on Amazon and not on the Internet.  I guess we should feel better that only a few million people could download it rather than a few billion people.  There is some validity to that, but a few million is a large number in its own right.

Dow Jones said that they were not going to issue a public announcement (not to worry, it is all over the media, so an announcement is not really needed) because passwords and credit cards weren’t leaked.  Probably, also, because they were hoping they could sweep this breach under the rug.

While Dow Jones’ Wall Street Journal may have a paywall to stop nosy people from reading about the breach, The Register, The Inquirer, SC Magazine, and Upguard do not have paywalls.

These are just a few things that Dow Jones did wrong.  You would think that they would have a crisis communications team.  We certainly tell our customers that they need to have one.  Maybe they do have one but this item just got out of control.

Any crisis communications team worth anything will tell you that hunkering down and hoping that no one will notice is a risky proposition.  It did not work here and likely won’t work for you.

The odd thing is that the WSJ ought to know better.  After all, they break embarrassing news stories for breakfast.  And lunch.  Even for dinner.

What were they thinking?

Information for this post came from SC Magazine, Upguard and The Register.


Systemic Vulnerabilities In The Digital Age

In case you haven’t seen the news today, the morning started with United Airlines saying that they experienced a “system-wide computer problem”.   United later said that an issue with a network router “degraded network connectivity for various applications, causing this morning’s operational disruption”.  The disruption meant that no United flights took off from about 8:00 AM Eastern time until 9:47 AM.  This affected about 800 flights.  If you assume an average of 125 people on a flight, that means that this problem affected at least 100,000 people.  People trying to make connecting flights were impacted more than people on direct flights and people on tight schedules may have missed whatever they were travelling for.

Next, the New York Stock Exchange halted all trading at 11:32 AM Eastern Time and cancelled all pending trades.  The exchange said that was the result of an internal technical issue – a network connectivity issue.  They planned on resuming trading at 3:10 PM Eastern Time.

Finally,  The Wall Street Journal’s web site home page started generating an error at about 11:45 AM.  It came back up around noon.

What the root cause of these outages are or if they are related is unclear.  No one is saying much.  The government is saying this was not the work of hackers, but I am not sure that they would say so, at this point, even if they thought it was.

What this does point to is that we are pretty dependent on technology these days.  If you go into a store and the power goes off, they close the store because they have no way to take your money.  Same thing if their computers crash.

While that is inconvenient, it is a bigger issue if the organization that suffers an outage is part of the critical infrastructure (water, power, police, healthcare, etc.)

Organizations like the NYSE have spent tens of millions of dollars – maybe hundreds of millions – making sure that their systems stay up when they are supposed to.  But they don’t always stay up.

It is unlikely that any traders will walk away from the NYSE.  Some travelers might leave United over the outage, but likely not many.  WSJ readers tend to be pretty loyal.

However, the cost of dealing with these outages is very high.  Big commercial trades that would have been made on the NYSE were likely made on other exchanges.  United probably had to refund passengers or accommodate some passengers on competitors planes.  The WSJ probably lost the least, but likely did lose some advertising revenue.

These outages were all relatively short – less than an hour to a few hours.  They also did not affect things critical to you and me on a daily basis (like when the Subway in New York or the Bart in San Francisco shuts down).

What if the outage was longer.  What if a bank system failed and was down for several days or an airline operations system was down all day.  Both have happened.

We have spoiled ourselves because generally, things in America are pretty reliable.

That does not mean that they are not fragile.  And fragile is not a good thing because that means that small perturbations can break them.  Potentially affecting you and me.