Best Buy Exec Sets Up A Retail Site Outside IT, Gets Hacked

This isn't something one sees every day. A senior Best Buy (NYSE:BBY) executive, instructed to create a blog to conduct Best Buy business, goes outside the Best Buy IT infrastructure to set it up herself—along with some colleagues in HR—using freeware and a $30/month hosting service. If the story stopped there, it wouldn't be that unusual, as frustrated managers have gone outside the corporate structure for decades, not wanting to wait for their project to rise to the top of someone else's priority list.

In this case, though, the executive was Best Buy's chief ethics officer, who wanted to have a site outside the direct control of corporate. And she learned a lesson about why one wants to be within the protection of a multibillion-dollar chain's IT department. She learned that when her Best Buy blog was shut down, possibly due to a cyberthief attack.

Posting a note this week, Best Buy Chief Ethics Officer Kathleen Edmond—whom we profiled a few years ago—apologized to the blog's readers that her ethics commentary had gone silent. "I’m sure some of my peers in the industry suspected Best Buy finally clamped down because my posts had become too risky. The truth is much more ironic and mundane: I was hacked."

Edmond has not elaborated on what happened, and she has posted far too few details to establish whether it was indeed an attack aimed at her or Best Buy—although she implies it was. That said, the ironies here run deep, starting with an exec with a consumer electrics chain going outside the chain to create a blog. Yes, it was probably a justifiable move at the time, but it certainly looks bad.

"The freeware and $30 per month hosting service I used worked great until the site was suddenly victimized by a nasty virus sometime in March. Thankfully, my friends in IT stepped in. They quickly took my URL under their wing and helped me shutter the corrupted blog while they built a new site on an 'official' Best Buy server. I now have the best of both worlds. My blog still functions independently and is freely accessible on the Internet but is backed up by the full IT horsepower of Best Buy Co., Inc.," she posted, adding: "Of all the websites to become the target of someone’s misguided talents, they chose a freeware blog about business ethics? Nonetheless, that is exactly what happened."

What was behind the attack, though, may be irrelevant. How often does someone leave the safety of corporate IT, get attacked and have to publicly describe the whole episode? Glad to have Edmond's site back. Having robust ethics and retail arguments is crucial, and she mediates the two better than anyone we've seen. In general, though, if you sneak around IT, it's probably a good idea that they never find out.