Privacy Compliance & Data Security Information on Data Breach Prevention and the Appropriate Response

An Example of the Right Way to Handle a Data Breach: Motorola Xoom

Posted in Data Security Breach Response

You may have read that Motorola announced on February 3rd that it inadvertently sold around 100 refurbished Motorola Xoom tablets through Woot.com without putting the tablets through the typical process of doing a factory reset and wiping any personal data that may have been left by the original owner(s).  Specifically, there were approximately 6,200 tablets sold between October and December 2011, of which 100 tablets were affected.

The announcement was interesting in and of itself because it highlighted the notification obligation that arose even though Motorola (likely) had no actual knowledge that refurbished tablets went out that actually contained data.  Apparently, Motorola only knew that there was a breakdown in its internal processes and some 100 tablets were not wiped, possibly resulting in the resale of some tablets with data not erased by a customer prior to returning the tablet.

Purchasers of the 6,200 tablets through Woot.com were notified by email to go to a Motorola web site and type in the serial number (or some similar identifier), at which point you would be told if your tablet was affected.  If your tablet was affected, Motorola asked that you agree to part with your tablet for four to five business days so that it could be factory wiped.

As it turns out, I owned one of the 100 tablets affected.  I never win anything, except the Affected Xoom Tablet Lottery.  A day or so later a package with easy-to-follow instructions, very protective packaging and a prepaid envelope arrived at my work.  In went the tablet, out went the package.  On the fourth business day the tablet was returned in working order with a thank you and restore instructions.

And an American Express gift card for $100!!!

Did I have to return the tablet for a factory wipe?  No.  Was it a burden for me to return the tablet?  Hardly.  Was I impressed by Motorola giving me a gift card?  Damn right I was, and that is my point.  

As someone that deals with data breaches, and clients that have to make tough decisions regarding data breaches, on an almost daily basis, this situation struck me.  Motorola did the right thing, went above and beyond what was required, and solidified good will with me.  I was not even the party with the affected data.  I was just the guy that got the great deal on Woot.com for a refurbished tablet.

That Droid Bionic MAXX suddenly is even more appealing to me.  Motorola is suddenly more appealing to me (not that I had any particular problem with them before).

It is possible that Woot.com gave me the gift card, and for that reason my patronage to Woot.com also has been strengthened.  This is a great example of partners working together to deal with data breach situations.  Making the best of a difficult situation, and earning some good will along the way.

Kudos to Motorola and Woot.com for their handling of this situation.