Recently, I received a letter from Nordstrom, the upscale Seattle-based retailer known for its stellar customer service. "We have learned that your login information (email and password) may be known to people who attempted to use it to access your online account without your authorization."
It wasn't shocking news, to be honest. I knew my usual email/password combination had been compromised in a massive security breach at Gawker Media in late 2010. But Nordstrom's communiqué was an unsettling reminder of online accounts I hadn't thought to update. It also confirmed that fraudsters were actively using my old login information for criminal pursuits. Not good.
But as I continued reading the letter—and an enclosed four-page fact sheet—I became less concerned about possible fraud and more impressed with Nordstrom's assured handling of the situation.
Nordstrom Explains Exactly What Happened
According to Nordstrom's letter, unauthorized people made fraudulent transactions in a few of the 17 online accounts they managed to access—and did so without compromising any of the company's networks or systems. In other words, they were able to break in only because they had correct usernames and passwords. By detailing the specific scenario, Nordstrom actually inspires confidence: The fraud was limited, it was addressed quickly, and it was not caused by any weakness in the company's online security.
Nordstrom Explains Exactly How the Breach May Affect Me
"While we do not have information that your Nordstrom.com account was used for fraudulent transactions," Nordstrom writes, "we wanted to let you know about this issue so you can take precautions to ensure that your personal information is secure." That is Nordstrom's very nice way of suggesting that I change a vulnerable password I probably use in too many places.
Nordstrom Explains Exactly What I Should Do
In addition to noting a mandatory password reset at Nordstrom.com, the letter asks customers both to check credit card statements for irregularities and to vet statements for problems related to other online retailers. Furthermore, it provides a dedicated toll-free number for anyone who has concerns or questions related to the attempted fraud.
Finally, Nordstrom Reinforces Its Brand—In a Big Way
Although there's no evidence that I was defrauded or that Nordstrom bore any fault in the breach, the company concludes its missive with an activation code for a free year of Experian's ProtectMyID credit monitoring service. (A quick check at the Experian site shows the service usually costs $12.95 a month.) It's an impressive gesture—even for those of us accustomed to Nordstrom's exceptional customer service.