Redbox Shows Businesses How To Properly Handle A Data Breach

Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country, and on Friday they announced that they’d found credit card skimmers attached to three of their kiosks. What’s surprising is that they ‘fessed up so quickly, and in a highly public manner—they’ve got the text “SECURITY ALERT” at the top and bottom of their website, and the email they sent to their members is detailed, forthright, and helpful, and reposted in its entirety—along with photos of sample card skimmers—on their site. Attempts at identity theft no longer surprise us, but a competent handling of the issue by a company is pretty amazing.

One reader, Meiran, put it this way: “I’m rather impressed by their reaction, it seems like most modern companies would attempt to push this under the rug and pretend it didn’t happen, leaving customers to wonder what those strange charges on their statements are.”

According to Wikipedia, the company is mostly owned by McDonald’s and Coinstar, so it’s not like this is an example of a start-up that’s never encountered the heavy hand of corporate influence. This means Redbox’s board of directors intentionally chose to be proactive on the matter. They seem to have figured out something that lots of other companies still struggle with, which is that if you empower your customers to help protect themselves, they’ll help protect you, too. We wouldn’t be surprised if the next time a skimmer is detected, the alert comes from a customer who remembers Redbox’s email.

“Redbox Security Alert – Credit Card Skimmer Attempt” [redbox](Thanks to everyone who sent this in!)

“Redbox Warns Customers about Credit Card Skimming” [Hacking Netflix]