On march 2nd 2013 Evernote was the victim of a security breach on their servers. For a service that holds so much private information about its users, actually also about me, this could be life-threatening incident. As such many a company would prefer to not talk about it. Especially if, as it was the case with the Evernote hack attack, no data and payment information seemed to have been accessed, changed or deleted.

Andrew Sinkov, VP of Marketing at Evernote, about the security breach:
“That sucked! What you do about it, is to be as transparent as possible as quickly as possible.”

Not so with Evernote: they had a plan in place for such an incident and the guiding principle was to keep absolute transparency about what had happened and to take any possible action in order to protect the users’ data. So they addressed all their users in an mass emailing, informed all major media outlets and implemented a system-wide password reset.

Evernote mass email informing all users about the security breach and the system-wide password reset

At our visit at the Evernote HQ the topic of the hacking attack was no taboo at all. Andrew Sinkov, Evernote’s VP of Marketing, was very open about it: “That sucked! What you do about it, is to be as transparent as possible as quickly as possible.” Ronda Scott, responsible for PR & communication, explained us that Evernote received a lot of positive reactions to how they handled the security breach. According to her this is how Phil Libin, Evernote’s CEO and founder, envisions the company: always be open and transparent and do the right thing.

For a service that should help its customers expand their memory by remembering everything, trust is crucial. But nothing kills trust faster than not being transparent – Evernote is on the right track here, let’s hope they keep it up and succeed in building “a 100 year company”.