Is this the world record for lazy data breach notification?

Security

by Jimmy Nicholls| 21 July 2014

Australian ecommerce site even lost credit card details in this attack.

Australian ecommerce site Catch of the Day has revealed it suffered a security breach three years ago after it sent an email advising customers to change their passwords.

In early 2011, hackers stole names, delivery addresses, email addresses, hashed passwords and even some credit card details from the firm, which contacted police and banks at the time.

Jason Rudy, executive GM at Catch Group, said: "We unreservedly apologise to our customers for this incident.

"We take data security seriously and have taken strong measures to protect their personal information."

The company said that they were informing users of the breach because technology advances might have put the hashed passwords at risk, and advised those who had not changed their password since May 7 2011 to do so.

It added that it had informed the office of the Australian information commissioner, which was not made privy to the breach at the time it occurred.

The Labor opposition has previously criticised the incumbent coalition for stalling legislation that would oblige companies and government bodies to inform customers when privacy had been breached.

Tim Keanini, CTO of security firm Lancope, told Forbes the lag in disclosure was "a ridiculous amount of time".
"If these users are still using the same passwords for the past three to four years, we have even bigger problems," he added.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

756 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.