Dieter Bohn for The Verge:
Last night, some customers who had preordered an Essential phone received an email asking for a copy of their driver’s license, ostensibly to verify their address in an attempt to prevent fraud.
Dozens of customers replied with their personal information, but those emails didn’t just go to Essential; they went out to everybody who had received the original email. That means that an unknown number of Essential customers are now in possession of each other’s drivers license, birth date, and address information.
The incident is being reported as phishing by many outlets, because it looks and smells quite a lot like a phishing attempt: a weird request for personal information. After examining the email headers, it doesn’t look like this was an actual phishing attempt. It seems much more likely that this was a colossal screw up, the result of a misconfigured customer support email list.
Just wow. Definitely not the headline you want surrounding your first product release.
In a post regarding Andy Rubin’s vision, I said the following in reference to user data. With today’s mistake, Essential has absolutely lost some credibility. And this is the company that wants to run our homes?
While many may trust Andy Rubin, Essential has to walk the walk. They have to measurably demonstrate their accountability and be transparent with user data.
Andy Rubin has now penned a formal apology on the Essential Blog, saying:
Yesterday, we made an error in our customer care function that resulted in personal information from approximately 70 customers being shared with a small group of other customers. We have disabled the misconfigured account and have taken steps internally to add safeguards against this happening again in the future. We sincerely apologize for our error and will be offering the impacted customers one year of LifeLock. We will also continue to invest more in our infrastructure and customer care, which will only be more important as we grow.
Being a founder in an intensely competitive business means you occasionally have to eat crow. It’s humiliating, it doesn’t taste good, and often, it’s a humbling experience. As Essential’s founder and CEO, I’m personally responsible for this error and will try my best to not repeat it.
Good on him to take ownership for the blunder and provide LifeLock to the affected individuals. Also glad to hear the impact was minimal. Hopefully Essential learns a big lesson from this.