
This website waited three years to warn users of a data breach

If you want a good idea of exactly what not to do when informing customers of a data breach involving your website, follow the lead set by Australian website Catch of the Day. Catch of the Day, an Australian retail website offering discounted prices and deals on a range of products, suffered a severe security breach in early 2011. Names of customers, plus their delivery addresses, email addresses and encrypted passwords were compromised, alongside credit card information in some circumstances. Astonishingly, it took Catch of the Day three years to inform its customers of the security breach. An email sent out to users on Friday evening local time suggested that anyone who registered an account before May 7, 2011 should change their passwords, as “technological advances” have led to an increased risk of the encrypted passwords being uncovered.

The company — which owns the Catch of the Day, Scoopon, EatNow, GroceryRun, and MumGo websites — informed customers late on Friday that people who joined the site prior to May 7, 2011 should change their passwords as a result.

“In early 2011, Catch of the Day and other online retailers were targeted by an illegal cyber intrusion, which compromised names, delivery addresses, email addresses and hashed (encrypted) passwords. In some cases credit card data was compromised. Other websites in our Group were not affected,” the notice to customers stated.

“At the time, we immediately informed police, banks and credit card companies who assisted us in taking action to protect our users, which included cancelling credit cards and launching investigations into the perpetrators.

“We have also since informed the Australian Privacy Commissioner.”

The company said it was notifying customers to change passwords today because “technological advances” meant there was an increased risk of the hashed passwords being compromised.

In a statement provided to ZDNet tonight, the company’s group general manager Jason Rudy said that the company’s security practices had improved since 2011. “Our website security and technology is continually evolving and has undergone continual upgrades to keep in line with industry standards and best practices,” he said.


Written by Connor Livingston
