CD Universe had about 300 000 customer credit-card records stolen by a hacker who then attempted extortion. When the hacker's demand was not met, the hacker posted about 25 000 of the credit-card details on the Internet (AFR, 2000). Those customers then had to cancel the cards and face significant disruption.
Without examining the details of that particular case, it raises many questions for you and your organization. Just for tasters:
What is the chance that this could happen to you?
What sensitive data do you have? Is it attractive to outsiders? What if it is broadcast?
What percentage of the affected customers would you expect to lose permanently?
How much security have you got? Is it enough?
What laws would you potentially break?
What's the cost of the fix after the event compared with before, if indeed it can be fixed?
One of the outstanding features of such examples is that the relationship with a key stakeholder – here the customer – can be seriously impacted by a technical inadequacy deep in the techie's mystery zone. How can management deal with this?
The next example shows that it's not just the Internet that creates information asset issues, it can be quite mundane.
...and while you're down...
A local government organization transferred a database from an old system to a new system, but the data became corrupted. Unfortunately the corruption was not immediately detected, which made restitution very difficult. In this case the customers ...