Two weeks after the launch of a local small business site:
Client: You have just messed up my site big time! Your security is a joke! My home phone number, personal email address and physical address were just read out to me by a local conman who said he got it from my site. What did you do? Why didn’t you tell me I got hacked?
Freaking out just a tad, I immediately stopped my current job and undertook a few hours of checking server logs, searching for gaps in security, checking the database permissions, etc. Convinced her data was safe, I called back and explained I’ve checked everything and am confident her data is secure. I asked for more information about this scammer and their call.
I quickly deduced that the conman had just googled the business name, so I did the same, and the THIRD result was a local hobby group forum post where the client had given their website, email and phone number, home address, business name and other identifying information trying to sell some old sewing equipment.
Client: So you’re just going to mansplain to me and blame me for YOUR lack of internet security awareness?