Post-Christmas letdowns were deepened by the revelation that yet another data entity’s security system had been breached. The news comes at the end of a two-year cycle that saw credit card and consumer information firms similarly compromised.
The first tip-off that something was wrong came in Dixville Notch, NH. Early Christmas morning, police detective Joseph Androscoggin bounded eagerly from his bed only to find his stocking stuffed with pink Mistletoe Monkey Tilt Girls socks and a gaudily wrapped Bratz Super-Star Style Alarm Clock under his tree.
Androscoggin, who specializes in guarding youth-oriented chat rooms against miscreants by posing online as a 14-year-old girl, did not realize the extent of the problem at first. “I initially thought it was my wife, again making fun of this particular assignment,” Androscoggin said. “Then I remembered that I wasn’t married.”
As reports of unexpected, unwanted and just plain unappreciated gifts spread, questioners turned to the North Pole, where the Christmas Workshop had recently upgraded its database operations.
After a brief security audit, Kringle Enterprises, a holding company under which the Christmas Workshop operates, admitted that its firewall had been breached. Adding insult, the hacker, a minor whose name is being withheld, likely used a computer system given to him during Christmas 2003.
“Maintaining a firewall in sub-zero weather proved trickier, logistically, than we had originally anticipated.” said Mae Darling, a spokeself for Kringle Enterprises.
What made the hacker’s activities within the Workshop’s files difficult to track was the lack of a pattern. In some cases, home addresses were changed, but personal characteristics were left alone. At other times, behavior records were altered. For instance, a notation in Androscoggin’s file that reflects his chat room monitoring duty was changed to make Androscoggin’s online persona his actual persona.
Most often, the hacker contented himself with changing age information. “Unfortunately, since the Shelby Amendment we’re simply not able to use motor vehicle data to cleanse our lists,” said Darling. “It’s going to take months to verify our files.”
The Workshop had embraced the new systems to aid downloading consumer wish lists directly from e-mail into its files. The database is also used for tracking the date and time requests are received, as well as recording comments about the tone of the letters.
“We’ve done some correlative analysis and found that the later, and more strident, Christmas letters we receive score much higher on our Naughty Scale,” Darling said. “Makes segmenting recipients a heck of a lot easier.”
The Naughty Scale? Turns out that automating the order entry process isn’t the only data-based innovation Kringle Enterprises has implemented. In 2003, it introduced a five-point color-coded scale, which it uses to evaluate potential gift recipients. Consumers are ranked according to ascending naughty characterizations of green-blue-yellow-orange-red, or in Kringle parlance, Altruistic, Benevolent, Neutral, Malevolent and Kenlay.
“A simple, binary ‘Naughty/Nice’ split is waaay too 20th Century for us,” Darling explained. “The sheer financial volume Christmas now generates necessitated finer segmentation in gift assigning.”
As for its currently compromised system, the Workshop has little legal recourse. Given the international scope of the distribution problems, establishing jurisdiction is extremely difficult.
“We’d love to work with local authorities, but this is the North Pole. The closest local authority is in Lapland.”
To respond to the opinions in this column, please contact e-mail: rlevey@primediabusiness.com
