iPremier Case Study. Edward Ferguson. Updated 26 November.

iPremier Denial of Service Attack. Handlers. Zombies. Victim. Attacker.

Founded in ; Based in Seattle, Washington; Web-based commerce; Sell luxury, rare, and vintage goods; Customers mainly high-income.

Develop their own security and facilities for storing data. Upgrade and maintain emergency procedures. Long Term Implementation.


If iPremier had security experts in its team, they would have been able to understand the attack and stop it immediately, even though QData did not have the security experts.

Still, there are several other reasons to disclose to customers the potential for a breach: What significant errors did iPremier make that led to its troubles? The profits should have been secondary to customer data security because the business was built on trust and losing customer confidence to shop on the website would prove fatal for the company. If law enforcement is involved, then the company has the obligation to notify the consumer.

You can be confident that our computer security experts continue to address the situation and have already taken steps to strengthen our data-related security. Provide a copy of the letter you would write to customers and be prepared to read it aloud in class for us to discuss.

As no data has been stolen, there is no economic reason to disclose the event. Or did you settle on something in between? Because there is not a real threat of information being stolen, the moral argument is not relevant; customers would feel overly threatened by something which is in fact not really dangerous.


Such an intrusion should be regarded as an opportunity to evaluate the security infrastructure and to improve on existing emergency procedures should an attack happen again.

iPremier – Harvard Business School Case | Harvard Business School Cases

Moreover, the plan that Joanne had was out of date. Provide arguments to disclose to customers the potential for a breach. In general, when security has been breached and personal data, such as addresses, purchases, or credit card information, has been stolen, a company is required by law to disclose this event.

The situation will be evaluated according to these three reasons to understand if the company should disclose the event.

As a result, iPremier can take credit for the way they address the problems (forensics study, cooperation with financial institution, etc.).

I sincerely regret any inconvenience you may have experienced as a result of an unauthorized intrusion to our website. I personally promise to update you with additional information as it becomes available to me.

QData was certainly not the company iPremier would have outsourced their data works to. A formal contract is not formed in a B2C relationship which places iPremier in the MARKET section of the matrix as it provides goods, processes payments and maintains customer profiles. Third, QData had no procedures to prevent the intrusion or iprrmier the intrusion.

Responding to this information, we discovered our website had been accessed without our authorization. How did Ipremier Perform?

The iPremier Company

Based on the arguments in 2 and 3 we settled on an in-between solution. Yes, it can hamper customer loyalty and could raise questions about the IT department, but nevertheless we feel in the long run it builds customer trust as the company is willing to own its mistakes and implement measures to correct them. What course of action would you recommend?

Avoid Customer Discomfort: No customers want to feel that they or their information was at risk for too long before being notified.


In keeping with the best industry security practices, please remember that iPremier will never ask you to provide or confirm information including credit card numbers.

Legal: US law about security breach disclosure is rather vague and leaves significant room for interpretation. The network security employee was vacationing in Aruba and QData did not manage to have a backup replacement for him.

Having your own security ipremisr helps a company, especially if you are storing data such as in this eCommerce company. Even though it is at night, any downtime longer than a few minutes will be noticed by external people and, in the current information age, that would surely be communicated through various means.

Provide arguments to support a decision to do nothing and continue business as usual. Ipremisr for iPremier, the attack was only a denial of service (DoS) attack, possibly launched by a competitor or a script kiddie (Austin). However, three constraints were blocking the way to have a new data company to replace QData.

Pull the plug, credit cards can be stolen.

Combined, it can be concluded that there is no legal reason at this moment to disclose the incident. In turn, this would threaten the future of the company and is therefore not worth it. Second, QData was least cooperative in stopping the attack.