Slashdot Mirror


Australian Website Waits Three Years To Inform Customers of Data Breach

AlbanX (2847805) writes: "Australian daily deals website Catch of the Day waited three years to tell its customers their email addresses, delivery addresses, hashed passwords, and some credit card details had been stolen. Its systems were breached in April 2011 and the company told police, banks and credit card issuers, but didn't tell the Privacy Commissioner or customers until July 18th."

6 of 35 comments

  1. lawsuit? by Todd+Palin · · Score: 2

    This sounds like a perfect lawsuit to me. Their failure to limit the damage seems negligent. Perhaps a hefty class action suit is in order.

    1. Re:lawsuit? by penix1 · · Score: 4, Insightful

      A few years later and there is still no 'damage'...

      Nobody knows that. It isn't like the stolen data has a meta tag stating "this stolen data brought to you by Catch of the Day". People could have had their credit ruined because of this breach and never have connected it to the source because of Catch of the Day's security by obscurity.

      Any company that uses this tactic of reputation management deserves to lose ALL its customers because they can't be trusted to operate in a responsible way with your data.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
  2. Re:Online == Stolen by viperidaenz · · Score: 2

    Ha ha, CAPTCHA isn't shown when you're logged in?

  3. Re:It Worked by penix1 · · Score: 2

    No one noticed which means it was the correct plan and course of action to follow.

    No one noticed because they didn't know it was Catch of the Day that was the source of their stolen data that may have ruined their credit. And when their customers leave in droves because of this breach of trust, does that sound like a good business decision?

    Thank you for your patience and understanding.

    You may have patience and understanding with this kind of corporate malfeasance but I don't. I now know to stay leagues away from this company and to inform everyone I know about their nonchalant attitude towards data security and customer notifications of breaches.

    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
  4. Q&A with CotD support person ... by davidmwilliams · · Score: 4, Informative

    Here is my story on this event, including (page 2) a "Q&A" I managed to get from them where they avoided most of my questions: http://www.itwire.com/business...

  5. Users thought it was fishy in 2012 by davidmwilliams · · Score: 4, Informative

    Catch of the Day users noticed something was fishy back in February 2012. "We take data security seriously," said a Catch of the Day rep. Yet CotD continued to choose not to tell anyone: http://www.itwire.com/business...