Australian Website Waits Three Years To Inform Customers of Data Breach 35
AlbanX (2847805) writes Australian daily deals website Catch of the Day waited three years to tell its customers their email addresses, delivery addresses, hashed passwords, and some credit card details had been stolen. Its systems were breached in April 2011 and the company told police, banks and credit cards issuers, but didn't tell the Privacy Commissioner or customers until July 18th.
Re:lawsuit? (Score:5, Insightful)
Nobody knows that. It isn't like the stolen data has a meta tag stating "this stolen data brought to you by Catch of the Day". People could have had their credit ruined because of this breach and never have connected it to the source because of Catch of the Day's security by obscurity.
Any company that uses this tactic of reputation management deserves to lose ALL its customers because they can't be trusted to operate in a responsible way with your data.