Logically Logo

THREAT FACTOR | EPISODE 3

The Rush
to Publish

An urgent content push leads to unexpected consequences. Did I unknowingly prompt an online disaster?
Chris
Chris
SHUTTER PRO
MARKETING DIRECTOR
LIKES:
Data-driven decisions, pushing the envelope creatively, being ahead of trends
DISLIKES:
Outdated marketing, lack of innovation, poor communication
JOB RESPONSIBILITIES:
Overall company marketing
   strategy
Watching and analyzing
   marketing trends
Digital and traditional marketing
   campaign management
Marketing team management
   and cross-team coordination

My Excitement Got the Best of Me

The day before we discovered the breach, I was on the phone with Jeremy, a store associate at our Dublin location in Ohio. He had filmed a video featuring our new DSLR camera that morning and was trying to send it to me to get up on our social channels. Unfortunately, the file was too large to email—and I could tell Jeremy was too nervous to post it himself for fear of possibly making a mistake.
In my usual “quick fix” mode, I suggested he use a free video compressor I found online to send me the video. I emailed him the link, and he opened it while still on the phone with me. Shortly after trying to compress the video, Jeremy received an antivirus alert about malware on his computer and informed me that the website seemed suspicious. I knew I needed to get the video live ASAP before interest died down, so I told him to go ahead and ignore it. That probably was not the best call in hindsight.

The USB Drive Incident

Fast-forward to the next day at HQ. I decided to take the Muni in to work instead of walking.  It was an unusually hot day in San Francisco, and I was wearing the new blazer I’d just bought the day before. When I got to the office, I was feeling pretty uninspired and irritated by the inconsiderate people I had to deal with on my commute. I decided to clean out my desk before diving into my tasks for the day. As I dug through my drawers, I found an old USB drive I thought I’d picked up from a PR meeting. Curious and optimistic, I plugged it into my computer, hoping to find some marketing gold.
Instead, I watched as my screen automatically opened a browser window, typed out a URL I had never been to, and took me to a strange landing page. It creeped me out, so I quickly unplugged the USB and exited out of the browser window. Because I was able to unplug it so quickly, I didn’t think anything of it at the time. However, now that I’m recounting that incident, I’m wondering if that could have been what allowed the threat actor to get in. Ugh, I hope it wasn’t me.
The next morning, the situation escalated dramatically. While enjoying a slice of my favorite pizza at lunch, I was hit with the news of a ransom note circulating within our network. My initial reaction was sheer disbelief. In a midsize company like ours, I never expected to face something this severe. I immediately started reflecting on the events from the previous days.
As more details came in, it was clear the attack had roots in our Dublin store. Immediately, I started connecting the dots and began to suspect the malware from the video compressor Jeremy used was the culprit. My mind was racing with the thought that it might have been the gateway for the breach. The guilt was unbearable. 
The Customer Communication Plan
After that, I was deep into damage control mode. I worked diligently with my team and our web developers to craft marketing emails that would ease customers’ minds about the attack. To speed things up, I decided to log into Shopify myself to create a quick mockup. As I tried to log in, I realized I’d forgotten my credentials. I submitted an IT request for help—just as I’d done in the past—and soon enough, got a call from Ed, our IT Director. We went through the standard protocol to get me back in and, soon enough, I was building out my mockup for the team. 
Later in the week, the situation escalated further. I was at home, watching a movie with my cat, Willow, after taking her to the vet when I received the alarming email: customer photos had been compromised. I was stunned. My mind immediately went back to that strange USB drive I had plugged into my computer, and I worried it might have been the cause of the breach. The idea that I could be responsible for this mess ate away at me.
Despite my growing anxiety, Shamane tasked me with leading our customer communications plan regarding the breach. She wanted us to be more upfront with customers about the compromised credit card information and photos. It was a hefty responsibility, but I jumped into action, determined to handle it with the seriousness it deserved.
And that takes us to today. I’m committed to doing everything I can to help us recover and reassure our customers. I hope this all helps clear things up, and I really hope my careless actions weren’t the cause of all of this.

Register to be notified when the truth comes out!