Via Security Incident

Security Incident

by Matt

Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.

Now for some good stories.

This is my favorite, favorite, favorite crisis communication study this week. On the morning of Wednesday, April 13th, the blogging software company Automattic discovered a break-in on several of their servers. Potentially sensitive information may have been exposed and copied.

First step, be first. This blog post is the first mention I could find on the subject anywhere, on the web, on Twitter, you name it. They’ve immediately become the go-to place and have set the tone.

Second, be honest. The post, while short and not altogether technical, describes what happened and what they’re doing and have already done to correct the situation and make sure that it doesn’t happen again. Furthermore, the author acknowledges that this situation may take some time to resolve as opposed to saying something like, “Yep, we fixed it, all done. Pat, pat, pat on your head.”

Third, be clear. There is only one really jargon-y part of the post, and the author attempted to clarify it (see the parenthetical “root” used to differentiate low-level not that bad from low-level very serious). The rest of the post is written at around an eighth-grade reading level with short sentences, lots of paragraphs and bullet points.

Fourth, tell what it means. My biggest complaint with the radiation situation in Japan is the frustrating INES scale. It tells me nothing about what I, as someone affected by the disaster, should do. Should I worry more because it moved from a six to a seven? How to counteract the danger? The Automattic post gives three great bullet points on how to stay protected AND information on how best to manage the new behavior.

Finally, be available. Comments are open on the post and a direct link to Support is given in the body of the post.

This type of response is EXACTLY what I want to see from my internet host (and that’s one of the reasons I hosted my old BreakGlass blog and my personal family blog on Truly a model of crisis communication. Full round of applause for the folks at Automattic and keep up the great work.