If you want a good idea of exactly what not to do in informing customers of a data breach involving your website, follow the lead set by Australian website Catch of the Day. Catch of the Day, an Australian retail website offering discounted prices and deals on a range of products, suffered a severe security breach in early 2011. Names of customers, plus their delivery addresses, email addresses and encrypted passwords were compromised, alongside credit card information in some circumstances. Astonishingly, it took Catch of the Day three years to inform their customers of the security breach. An email sent out to users on Friday evening local time suggested that anyone who registered an account before May 7, 2011 should change their passwords, as “technological advances” has lead to an increased risk of the encrypted passwords being uncovered.
This website waited three years to warn users of a data breach
The company — which owns the Catch of the Day, Scoopon, EatNow, GroceryRun, and MumGo websites — informed customers late on Friday that people who joined the site prior to May 7, 2011 should change their passwords as a result. “In early 2011, Catch of the Day and other online retailers were targeted by an illegal cyber intrusion, which compromised names, delivery addresses, email addresses and hashed (encrypted) passwords. In some cases credit card data was compromised. Other websites in our Group were not affected,” the notice to customers stated. “At the time, we immediately informed police, banks and credit card companies who assisted us in taking action to protect our users, which included cancelling credit cards and launching investigations into the perpetrators. “We have also since informed the Australian Privacy Commissioner.” The company said it was notifying customers to change passwords today because “technological advances” means there was an increased risk of the hashed passwords being compromised. In a statement provided to ZDNet tonight, the company’s group general manager Jason Rudy said that the company’s security practices had improved since 2011. “Our website security and technology is continually evolving and has undergone continual upgrades to keep in line with industry standards and best practices,” he said.
NOTE: TECHi Two-Takes are the stories we have chosen from the web along with a little bit of our opinion in a paragraph. Please check the original story in the Source Button below.
TECHi weighs both sides before reaching a conclusion.
TECHi’s editorial take above outlines the reasoning that supports this position.
More Two Takes from Zdnet
While Xiaomi was struggling just to meet the low-end of its sales goals for last year, Huawei was blowing past…
China's latest attempt to control what's said on the Internet comes in the form of an amendment to the government's…
Hewlett-Packard's plans to split itself into two separate companies has been common knowledge for months, and now the company's board…
It looks like you can add Samsung to the ever-growing list of companies that want to create their own network…