Australian Website Waits Three Years To Inform Customers of Data Breach
AlbanX (2847805) writes Australian daily deals website Catch of the Day waited three years to tell its customers their email addresses, delivery addresses, hashed passwords, and some credit card details had been stolen. Its systems were breached in April 2011 and the company told police, banks and credit card issuers, but didn't tell the Privacy Commissioner or customers until July 18th.
lawsuit? (Score:3)
This sounds like a perfect lawsuit to me. Their failure to limit the damage seems negligent. Perhaps a hefty class action suit is in order.
Re:lawsuit? (Score:5, Insightful)
Nobody knows that. It isn't like the stolen data has a meta tag stating "this stolen data brought to you by Catch of the Day". People could have had their credit ruined because of this breach and never have connected it to the source because of Catch of the Day's security by obscurity.
Any company that uses this tactic of reputation management deserves to lose ALL its customers because they can't be trusted to operate in a responsible way with your data.
Re: (Score:2)
But purposely didn't tell the most important party in the chain.... The customer that may have been affected! As I stated above, it isn't like the thieves put a metatag on the stolen data saying "this stolen data brought to you by Catch of the Day". So identity theft resulting from this breach wouldn't be connected to them assuming the thieves even get caught. And by then it is too late.
Customers deserve a right to be informed IMMEDIATELY of breaches in security that may have an effect on them to alert the
Re: (Score:1)
Except police, banks and card issuers were all told.
And the credit card issuers didn't tell their customers?
Re: (Score:3)
No one noticed because they didn't know it was Catch of the Day that was the source of their stolen data that may have ruined their credit. And when their customers leave in droves because of this breach of trust, does that sound like a good business decision?
You may have patience and understanding with this kind of corporate malfeasance but I don't. I now know to stay leagues awa
July 18th 2014 (obviously) (Score:2)
While implied in the subject, the body of the article failed to clarify that we were not told until July 18th 2014.
Re: (Score:2)
Well, Mr Anonymous Coward ...sorry I insulted your intelligence.
Though, I'm now stuck here struggling to determine whose post was more pointless, yours or mine.
But whinging aside, why leave the reader to do any arithmetic, it's just simpler to state it regardless how obvious/trivial it may be.
I believe most of us are capable of that trivial fucking bit of arithmetic.
Though, given some replies I've seen here on /. over the years, I'm not convinced.
Online == Stolen (Score:1)
Pretty much anything entered online == stolen.
Amirite?
Aw yeah, I'm right.
Ha ha, CAPTCHA is "redesign"
Re: (Score:3)
Ha ha, CAPTCHA isn't shown when you're logged in?
Re: (Score:2)
why bother now? (Score:2)
At this point they'd probably end up with fewer problems just by keeping it quiet forever.
Similar to (Score:2)
Scorecard (Score:2)
Back to Pixel Miner.
Bloody Wonderful! (Score:2)
Not only did they take eternity to fess up but I found out about it via Slashdot - not from them. I have the same email address as 3 years ago, so I don't see why they couldn't have sent me an email??
Q&A with CotD support person ... (Score:5, Informative)
No big harm (Score:2)
Users thought it was fishy in 2012 (Score:5, Informative)