Avanan's co-founder Michael Landewe was quoted in an article about legally mandated breach alerts being sent to the junk folder. Because bulk emails can be deemed suspicious, users who are entitled to read them can miss it. And second, these sorts of emails can be taken advantage of by hackers.
As Landewe said in the article:
Breached companies “have two problems,” said Michael Landewe, Avanan co-founder and lead threat hunter. “It starts with being hit.” Next, “you have to protect your customers because they are now a target. That’s your job. The way you respond is the way you retain your customers.”
and
“The simpler the email, the better,” said Landewe. “It’s better to tell users that because of potential scams, you should go to our trusted website, which has the information clearly displayed. The message should say: ‘Please log into your account for more information,’ or ‘Log in and check your messages’ or ‘Log in to your account and look for the Breach Updates link at the top of the page.'”
Head to SC Magazine to read the entire article.
