"We think that someone calling himself 'Mr. Zilterio' may have accessed our customer records, to include credit card numbers. He's threatening to reveal that information to our customers and the press if we don't pay him a large amount of money."
That was the initial call I received from Marc Benzakein, one of the founders of linkLINE Communications, an expanding, relatively small (15,000 subscriber) but profitable Internet service provider based in Mira Loma, California (note: in their business, "profitable" is rare).
In that phone call, and a subsequent meeting with linkLINE's management/crisis response team, I learned that:
* According to federal authorities and information available to anyone who does a search for "Zilterio" on the Internet, the same individual may have extorted as much as $4 billion from other organizations who wanted to sweep the situation under the rug for fear of losing business.
* linkLINE, with law enforcement direction, had been stringing Zilterio along for a little while as they identified how he got past their security. In the process, they traced the bank account to which Zilterio wanted money wired, through Russia (where he said he was from) to Yemen, a known hotbed of terrorism.
* The ISP felt strongly that it was ethically and morally wrong to give in to what could clearly be construed as "cyber-terrorism."
* linkLINE had taken the steps necessary to ensure that the security hole which Zilterio may have exploited was plugged.
* A significant loss of customers could be devastating to linkLINE because of its still-small size.
Crisis Response Team Meets
As a crisis response team, we agreed that:
* linkLINE's customers needed to be notified of the threat before Zilterio communicated with them. This meant that the entire "response package" needed to be in place between our Thursday afternoon meeting and the following Monday evening. We all wanted to move even more quickly, but double-checking some security preparations precluded any more haste. The team member in touch with Zilterio felt he could stall him as long as necessary.
* The best approach, very much in keeping with linkLINE's operating philosophy, was to express compassion for the concern this might cause customers, provide them with information they would need as a consequence of the situation, while also calling for them to unite with linkLINE in combating cyber-terrorism.
* Close coordination would be needed with the security offices for the four major credit card companies so that (a) linkLINE customers would have the least possible work to do regarding the possible exposure of their credit card numbers and (b) linkLINE's relationships with the credit card companies remained sound.
During three intense days of preparation:
* linkLINE management contacted the four credit card companies, who were very appreciative of linkLINE's proactive response, agreed to put a special watch on linkLINE customer credit card numbers to see if they were fraudulently abused, and assured linkLINE that customers would not be held liable for any such fraud.
* A Customer Alert letter was drafted for distribution on Day 1.
* A press release was drafted for distribution in the early morning of Day 2.
* A Customer Q&A was drafted in preparation for posting on linkLINE's website on Day 2.
* A special Customer Service Response Guide was created and customer service reps were trained in its use.
* linkLINE's crisis response team identified other key stakeholders, besides customers, who might need to be called or contacted when the news was released, and prepared to make those communications.
* Marc Benzakein was trained to be the primary spokesperson on the situation, with another member of the team as backup spokesperson.
The Announcement and Results
Zilterio did not act during the preparation period, and linkLINE was able to launch its crisis communications campaign.
* In the late evening of Day 1 and early morning of Day 2, respectively, the Customer Alert went out by email and the press release by PR Newswire (California circuit only, as 95% of their customers were in-state and even the California circuit goes to Internet news sites and certain other key media).
* While customer call volume did go up, it was not overwhelming; linkLINE had contingency plans for what to do if it backed up, but the Customer Alert, combined with the Customer Q&A, apparently satisfied the vast majority of customers.
* Most of the calls and emails that DID come in were highly complimentary of linkLINE's response. Some examples:
  * "In today's world of competition and LOVE of money very few companies are up front when they have a problem that could affect their business. YOU GUYS ARE THE EXCEPTION. Thanks for letting us all know the truth. Because of people like you I feel much safer on the NET. THANKS AGAIN."
  * "I would like to commend you on your handling of the Zilterio blackmail incident. Prompt and full disclosure through email and your website is the exact way to go. This kind of professionalism makes me happy to continue with linkLINE as my ISP. Nothing is 100% secure; what separates the pros from the rest is the response to a security breach. Your response measured up in every respect."
* There were some people who were initially very disgruntled, but linkLINE execs did a great job of communicating in a caring and informative manner that made customers more comfortable.
* A few credit cards were voluntarily (by customers) or involuntarily (by banks, when they were also ATM cards) suspended, but even those customers were understanding. And as part of their preparation, linkLINE had made it easy to switch to another credit card (securely) or use another method of payment.
Two weeks later, linkLINE had no net loss in customers and thereafter continued to enjoy its usual level of growth.