Wow, what a day. I was halfway through writing a post inspired by Mint’s intent to sell aggregate, anonymized customer data – and it was meant to be a positive post, pointing out the business model potential in SaaS. But somehow this message doesn’t feel right on the day people are up in arms finding out that 700 customers’ financial data was exposed by personal finance service firm Rudder.
It’s all over Twitter, commenters on TechCrunch are burying the service, as well as other Web services, and I think this comment is not far from being the majority opinion (at least for now):
Just one more example of a FREE service that delivers to you exactly what you pay for.
Time for a little reality check. Yes, in financial services trust is everything, and Rudder might find it difficult to recover from this situation. But let’s not jump to the wrong conclusion about the security of Web-based services in general. What happened here had nothing to do with Rudder being a Web 2.0 / SaaS / Cloud Computing (your favorite buzzword here) service. It was a good old-fashioned email-scr**-up that can happen with ANY company that stores personal or financial data.
On a side-note, what I am amazed at is the (initial) poor handling of this potential disaster situation by Rudder. After the initial silence they put up an Urgent Notice on a newly created Tumblr blog, off the main site, on a separate domain. I found it accidentally, following a comment @ TechCrunch, but if you go to Rudder’s homepage, there is not a trace of the emergency situation, not a single link to this new page – at least not one I could find. The Trust & Security tab lists why the service is super-safe, super-private, which, frankly, is more than ironic in light of today’s events. A security breach followed by a PR and Customer Service failure, if you ask me.
But not a SaaS failure – this could have happened anywhere. And it did. As a precautionary measure, Rudder is offering a free identity-theft service to all compromised Rudder members. It reminds me that a few years ago I received a free year of identity-theft and credit monitoring service as a result of a security breach by a company I had worked for 9 years earlier. They lost a tape containing social security numbers and financial information of thousands of current and former employees. The name of the company: IBM.
So don’t bury SaaS just yet. And I’ll be back with that Mint-inspired business model story soon.

Well said. I left comments on as many articles as I could find about the Rudder issue precisely because of this concern: you want people to understand that while a mistake was made and it was preventable, it was one company and one time and the space itself has a lot of help to offer the world.
I think many PFMs (Thrive, Wesabe, SmartyPig, etc.) are genuinely interested in helping people, whatever their actual business model, and it would be a true shame if people swore off the space over what amounts to a non-unique space that really has very little to do specifically with PFM sites.