Social Engineering Crisis

THE SITUATION

While phishing is a top concern for all IT departments, employees can still fall prey. A high-end, west-coast retailer was the victim of a phishing attack when a controller replied to an erroneous email and provided the tax information of hundreds of current and former employees.

THE TASK

We received the call at 10 p.m. and by 10 a.m. the next morning, we had tailored and begun executing a response plan specific to the company and its industry. This included immediate and contingent messaging for key audiences.

THE WORK

• Developed response plan and messaging

• Worked closely with outside legal counsel to craft and refine communication materials

• Trained key executives on how to communicate with employees and other audiences

• Monitored social and traditional media for fallout

THE RESULT

The retailer successfully communicated with key audiences in a straight-forward and transparent manner, which helped mitigate and contain the issue while upholding trust. As a result, the issue never became public. Additionally, the client’s legal counsel said the communication effort was the fastest and most efficient it had experienced.