The third time is definitely not the charm for Sonos (NASDAQ:SONO). The high-end sound specialist has tripped itself up yet again, this time accidentally exposing the email addresses of some of its customers.
Although the breach involved only a few hundred names, and they were sent only to other Sonos customers by an errant employee, the European Union's strict privacy laws cover even accidental violations, so the speaker maker may have opened itself up to significant penalties.
Yet because this is now the third time in two months that Sonos has created a public relations headache for itself, the real problem for the wireless speaker maker is that customers and investors may wonder if there are deeper problems at the company.
Hits just keep on coming
In December Sonos launched a trade-in program that let customers upgrade their old speaker components to its newest products, but required them to first "brick" the old ones, rendering them completely useless before they were recycled.
This was mostly a manufactured crisis because some people didn't like the less environmentally friendly message it sent. Sonos compounded the problem when it announced last month it would stop offering support and upgrades for the old equipment beginning in May. It also made it sound as if the equipment would eventually stop working.
Customers with a mix of old and new equipment were given an unpalatable choice -- either keep their old equipment and have their new components suffer the same degradation of quality, or go with the new and have their old equipment no longer work.
The backlash was so intense that CEO Patrick Spence took to the company's blog to apologize for how the company handled the matter and promised solutions were being developed to keep its old products functioning.
Three called strikes
It was in answering a customer's complaint about the support program that the Sonos employee apparently copied everyone on the email list instead of using the blind copy feature, ultimately revealing the addresses of some 450 people who had complained to the company.
In a statement to the BBC, Sonos explained: "Earlier today, an email was sent in response to a number of customer inquiries that included email addresses. No further information was included. We have apologised to each customer affected by this error and have put in place processes to ensure this will not happen again."
Sonos admitted it had received an "unprecedented number of emails" for what many viewed as a blatant attempt to gin up sales as it sought to fight back against Amazon.com (NASDAQ:AMZN) and Alphabet (NASDAQ:GOOG)(NASDAQ:GOOGL), which have flooded the market with low-cost speakers. Amazon said it sold hundreds of millions of Amazon devices over the holidays, and the Echo Dot and Echo Show smart speakers were among its biggest sellers.
It was another PR black eye for the sound specialist, but one that may now cost it money if any of the customers whose privacy was breached live in Europe.
The high cost of spam
The EU's General Data Protection Regulation (GDPR) is a set of strict security and privacy guidelines that apply to all companies globally if they sell to customers on the continent. The regulation imposes harsh fines for violations of the standards, even if they happen accidentally, and penalties can range into the tens of millions of euros.
Included in the regulations are protocols for ensuring the security of email, and though they deal mostly with encryption in order to protect against phishing scams and the like, an expansive view of the protections could include the inadvertent exposure of someone's email address, particularly when hundreds have been revealed.
For a company that generated almost $1.3 billion in revenue last year, a few-million-euro fine can be easily absorbed. The more immediate concern for Sonos is in dealing with the negative fallout from the repeated self-inflicted wounds.
Especially if its earnings report is poorly received, it will make for a difficult period as investors question management's fitness. Consumers, on the other hand, will question whether the technology company will be able to stop tripping over its own feet to show it still has their best interests at heart.