Wow, what a day. I was halfway through writing a post inspired by Mint’s intent to sell aggregate, anonymized customer data – and it was meant to be a positive post, pointing out the business model potential in SaaS. But somehow this message doesn’t feel right on the day people are up in arms finding out that 700 customers financial data was exposed by personal finance service firm Rudder.
Just one more example of a FREE service that delivers to you exactly what you pay for.
Time for a little reality check. Yes, in financial services trust is everything, and Rudder might find it difficult to recover from this situation. But let’s not jump to the wrong conclusion about the security of Web-based services in general. What happened here had nothing to do with Rudder being a Web 2.0 / SaaS /Cloud Computing (your favorite buzzword here) service. It was a good old fashioned email-scr**-up, that can happen with ANY company that stores personal or financial data.
On a side-note, what I am amazed at is the (initial) poor handling of this potential disaster situation by Rudder. After the initial silence they put up an Urgent Notice on a newly created Tumblr blog, off the main site, on a separate domain. I found it accidentally, following a comment @ TechCrunch, but if you go to Rudder’s homepage, there not a trace of the emergency situation, not a single link to this new page – at least not one I could find. The Trust & Security tab lists why the service is super-safe, super-private, which, frankly is more than ironic in light of today’s events. A security breach followed by a PR and Customer Service failure, if you ask me.
But not a SaaS failure – this could have happened anywhere. And it did. As a precautionary measure, Rudder is offering a free identity-theft service to all compromised Rudder members. It reminds me that a few years ago I received a free year of identity-theft and credit monitoring service from as a result of a security breach by a company I had worked for 9 years earlier. They lost a tape containing social security numbers and financial information of thousands of current and former employees. The name of the company: IBM.
So don’t bury SaaS just yet. And I’ll be back with that Mint-inspired business model story soon.