This website waited three years to warn users of a data breach

The company — which owns the Catch of the Day, Scoopon, EatNow, GroceryRun, and MumGo websites — informed customers late on Friday that people who joined the site prior to May 7, 2011 should change their passwords as a result. “In early 2011, Catch of the Day and other online retailers were targeted by an illegal cyber intrusion, which compromised names, delivery addresses, email addresses and hashed (encrypted) passwords. In some cases credit card data was compromised. Other websites in our Group were not affected,” the notice to customers stated. “At the time, we immediately informed police, banks and credit card companies who assisted us in taking action to protect our users, which included cancelling credit cards and launching investigations into the perpetrators. “We have also since informed the Australian Privacy Commissioner.” The company said it was notifying customers to change passwords today because “technological advances” means there was an increased risk of the hashed passwords being compromised. In a statement provided to ZDNet tonight, the company’s group general manager Jason Rudy said that the company’s security practices had improved since 2011. “Our website security and technology is continually evolving and has undergone continual upgrades to keep in line with industry standards and best practices,” he said.