THREAT FACTOR | EPISODE 3

The Rush to Publish

An urgent content push leads to unexpected consequences. Did I unknowingly prompt an online disaster?
Chris
SHUTTER PRO
MARKETING DIRECTOR
LIKES:
Data-driven decisions, pushing the envelope creatively, being ahead of trends
DISLIKES:
Outdated marketing, lack of innovation, poor communication
JOB RESPONSIBILITIES:
Overall company marketing strategy
Watching and analyzing marketing trends
Digital and traditional marketing campaign management
Marketing team management and cross-team coordination

My Excitement Got the Best of Me

The day before we discovered the breach, I was on the phone with Jeremy, a store associate at our Dublin location in Ohio. He had filmed a video featuring our new DSLR camera that morning and was trying to send it to me to get up on our social channels. Unfortunately, the file was too large to email—and I could tell Jeremy was too nervous to post it himself for fear of possibly making a mistake.
In my usual “quick fix” mode, I suggested he use a free video compressor I found online to send me the video. I emailed him the link, and he opened it while still on the phone with me. Shortly after trying to compress the video, Jeremy received an antivirus alert about malware on his computer and informed me that the website seemed suspicious. I knew I needed to get the video live ASAP before interest died down, so I told him to go ahead and ignore it. That probably was not the best call in hindsight.

The USB Drive Incident

Fast-forward to the next day at HQ. I decided to take the Muni in to work instead of walking. It was an unusually hot day in San Francisco, and I was wearing the new blazer I’d just bought the day before. When I got to the office, I was feeling pretty uninspired and irritated by the inconsiderate people I had to deal with on my commute. I decided to clean out my desk before diving into my tasks for the day. As I dug through my drawers, I found an old USB drive I thought I’d picked up from a PR meeting. Curious and optimistic, I plugged it into my computer, hoping to find some marketing gold.
Instead, I watched as my screen automatically opened a browser window, typed out a URL I had never been to, and took me to a strange landing page. It creeped me out, so I quickly unplugged the USB and exited out of the browser window. Because I was able to unplug it so quickly, I didn’t think anything of it at the time. However, now that I’m recounting that incident, I’m wondering if that could have been what allowed the threat actor to get in. Ugh, I hope it wasn’t me.
The next morning, the situation escalated dramatically. While enjoying a slice of my favorite pizza at lunch, I was hit with the news of a ransom note circulating within our network. My initial reaction was sheer disbelief. In a midsize company like ours, I never expected to face something this severe. I immediately started reflecting on the events from the previous days.
As more details came in, it was clear the attack had roots in our Dublin store. Immediately, I started connecting the dots and began to suspect the malware from the video compressor Jeremy used was the culprit. My mind was racing with the thought that it might have been the gateway for the breach. The guilt was unbearable. 

The Customer Communication Plan

After that, I was deep into damage control mode. I worked diligently with my team and our web developers to craft marketing emails that would ease customers’ minds about the attack. To speed things up, I decided to log into Shopify myself to create a quick mockup. As I tried to log in, I realized I’d forgotten my credentials. I submitted an IT request for help—just as I’d done in the past—and soon enough, got a call from Ed, our IT Director. We went through the standard protocol to get me back in and, soon enough, I was building out my mockup for the team. 
Later in the week, the situation escalated further. I was at home, watching a movie with my cat, Willow, after taking her to the vet when I received the alarming email: customer photos had been compromised. I was stunned. My mind immediately went back to that strange USB drive I had plugged into my computer, and I worried it might have been the cause of the breach. The idea that I could be responsible for this mess ate away at me.
Despite my growing anxiety, Shamane tasked me with leading our customer communications plan regarding the breach. She wanted us to be more upfront with customers about the compromised credit card information and photos. It was a hefty responsibility, but I jumped into action, determined to handle it with the seriousness it deserved.
And that takes us to today. I’m committed to doing everything I can to help us recover and reassure our customers. I hope this all helps clear things up, and I really hope my careless actions weren’t the cause of all of this.