It has been reported that the online retail company, CatchOfTheDay, has finally notified its customers of a data breach which dates back to 7th May 2011.
The data breach resulted in names, email and postal addresses, payment card details and encrypted passwords being compromised. It has also been reported that CatchOfTheDay informed the relevant authorities such as the police and financial firms of the data breach when they discovered that data had been compromised.
CatchOfTheDay stated that these authorities “assisted us in taking action to protect our users, which included cancelling credit cards and launching investigations into the perpetrators.” It was also claimed that they didn’t deem it appropriate to notify the affected customers as passwords were reasonably safe and therefore they weren’t at any real risk of serious harm.
CatchOfTheDay finally made news of the data breach public as encryption cracking methods have improved significantly and therefore the stolen passwords aren’t as safe as previously thought.
An email was sent out notifying customers of the data breach. The email stated, “We sincerely apologise to our loyal customers that these events occurred and can assure you that we have dedicated significant resources to security and privacy to avoid these events in future.”
Therefore, the retail company has informed its customers of the breach and encouraged those who have used the same password since the breach to change it.
The delay in notifying customers of the data breach has undoubtedly resulted in a huge outcry of anger from those affected.
Michael McKinnon, an AVG security adviser, believes that it is a dilemma for businesses, as they are not legally required to notify the public of any data breaches, and questions why the retailer has suddenly made a public announcement about the data breach after such a long time.
McKinnon stated, “This is a dilemma for all business, given the fact we don’t have mandatory disclosure laws. Banks would have cancelled the credit cards and contacted the customers to say we believe your card has been compromised.”
McKinnon added, “I would question, why has it come out now? This might be a case of stay tuned.”
This event signifies the importance of utilising different passwords for different online accounts. It is also very important that a strong password is used to give yourself the best possible chance of ensuring that your online account remains safe.