The official response from Ona SkinCare is “our email has been hacked” – however the truth is that an employee accidentally added the East Nashville Listserv/Google Groups email address in a reply to a customer – sending that response, including details such as their Botox treatment and other private purchases, to thousands of email recipients on Tuesday. If no one knew this client had Botox work done before, all of East Nashville know now. There was no hack, just a mistake that an employee won’t own up to.
It all started with a $835.50 refund request from a customer that was overcharged, to which an employee, Melissa Rhodes, was replying. In her reply to the client, she talks about treatment charges, including Botox among other services:
That should have been an innocent email between Ona Skincare and the client, however the author of the email, Melissa Rhodes, added an extra recipient in the ‘TO’ field, and that email address happened to be the address that forwards to thousands of East Nashville residents, via a listserv/google group, highlighted below:
Melissa quickly responded that their email had been ‘hacked’ but this is simply not true, as shown above. The actions of an employee caused this client’s Botox to be disclosed to thousands of neighbors, nothing more. There was no hack, just a employee / nurse that added the group to the email.
Melissa Rhodes isn’t someone who doesn’t understand technology, and very well knows this wasn’t a ‘hack’ – she is experienced in technology and has been active in the face book developer community as well as the app development for Ona SkinCare. This is someone that knows the difference between a ‘mistake’ and a ‘hack’ and chose to lie about it to the world, instead of admitting her mistake and being honest with clients.
A mistake is not a ‘hack’. You can’t just call things a ‘hack’ to excuse your own negligence.