Australian Website Waits Three Years To Inform Customers of Data Breach

Unknown Lamer posted about 3 months ago | from the better-never-than-late dept.

Privacy 35

AlbanX (2847805) writes Australian daily deals website Catch of the Day waited three years to tell its customers their email addresses, delivery addresses, hashed passwords, and some credit card details had been stolen. Its systems were breached in April 2011 and the company told police, banks and credit card issuers, but didn't tell the Privacy Commissioner or customers until July 18th.

35 comments

Wasn't the ruler of that company... (-1)

Anonymous Coward | about 3 months ago | (#47487715)

found to be one of those xians? This is typical of their kind.

lawsuit? (2)

Todd Palin (1402501) | about 3 months ago | (#47487721)

This sounds like a perfect lawsuit to me. Their failure to limit the damage seems negligent. Perhaps a hefty class action suit is in order.

just five minutes to the stage, todd! (-1)

Anonymous Coward | about 3 months ago | (#47487779)

Thank you for being a friend
Traveled down the road and back again
Your heart is true, you're a pal and a cosmonaut.

And if you threw a party
Invited everyone you knew
You would see the biggest gift would be from me
And the card attached would say, thank you for being a friend.

Slashdice beta rawks! How can I see to more of these intriguing pop over ads?????????

Subscribe me to the newsletter post haste!!!!!

Re:lawsuit? (0)

Anonymous Coward | about 3 months ago | (#47487929)

> This sounds like a perfect lawsuit to me.

Except this is in Australia.

> Their failure to limit the damage seems negligent. Perhaps a hefty class action suit is in order.

Mental anguish about something you didn't even know doesn't seem plausible. So let's see what else...
A few years later and there is still no 'damage'...
Again, this isn't America, you can't sue because you're grumpy.

Re:lawsuit? (4, Insightful)

penix1 (722987) | about 3 months ago | (#47487969)

> A few years later and there is still no 'damage'...

Nobody knows that. It isn't like the stolen data has a meta tag stating "this stolen data brought to you by Catch of the Day". People could have had their credit ruined because of this breach and never have connected it to the source because of Catch of the Day's security by obscurity.

Any company that uses this tactic of reputation management deserves to lose ALL its customers because they can't be trusted to operate in a responsible way with your data.

Re:lawsuit? (0)

Anonymous Coward | about 3 months ago | (#47488063)

Except police banks and card issuers were all told.

Re:lawsuit? (1)

penix1 (722987) | about 3 months ago | (#47489183)

But purposely didn't tell the most important party in the chain.... The customer that may have been affected! As I stated above, it isn't like the thieves put a metatag on the stolen data saying "this stolen data brought to you by Catch of the Day". So identity theft resulting from this breach wouldn't be connected to them assuming the thieves even get caught. And by then it is too late.

Customers deserve a right to be informed IMMEDIATELY of breaches in security that may have an effect on them to alert them to watch for suspicious activity or afford them the opportunity to cancel the card before it racks up the outrageous charges.

Re:lawsuit? (0)

Anonymous Coward | about 3 months ago | (#47490397)

> Customers deserve a right to be informed IMMEDIATELY

Again, this is not America.

Re:lawsuit? (1)

doccus (2020662) | about 3 months ago | (#47494779)

> Except police banks and card issuers were all told.

And the credit card issuers didn't tell their customers?

Re:lawsuit? (0)

Anonymous Coward | about 3 months ago | (#47488073)

> This sounds like a perfect lawsuit to me. Their failure to limit the damage seems negligent. Perhaps a hefty class action suit is in order.

Well, for starters, one would have to find damage to define in the first place. And I'm suuuuuuure citizens will be completely honest when approached by a lawyer with the tasty reward of a cash settlement.

Of course, they'll finally realize 7 years from now when the class-action hits the courtroom that the legal team ended up with millions, while the average citizen got a fart to the face and a coupon for 20% off Catch of the Day.

This sounds like the perfect American answer to me. Sue the fuckers. It's like an automated response these days.

Enjoy your insurance plans. All 482 of them, which will be mandatory for you to carry, and a felony if you don't, brought to you by the unending desire to sue the shit out of anything that breathes on you wrong.

Re:lawsuit? (0)

Anonymous Coward | about 3 months ago | (#47488631)

Yeah, sure, like everyone else: We all want to be victims and get some MONEY!

All that happened here was, (A) they reported it to the appropriate authorities (actual authorities, not some lobby group that seeks out people to sue), and (B) Didn't tell the public about it because they tried to cover it up and had to likely because someone blackmailed them.

It Worked (0)

Anonymous Coward | about 3 months ago | (#47487733)

No one noticed which means it was the correct plan and course of action to follow. Thank you for your patience and understanding.

Re:It Worked (2)

penix1 (722987) | about 3 months ago | (#47487981)

> No one noticed which means it was the correct plan and course of action to follow.

No one noticed because they didn't know it was Catch of the Day that was the source of their stolen data that may have ruined their credit. And when their customers leave in droves because of this breach of trust, does that sound like a good business decision?

> Thank you for your patience and understanding.

You may have patience and understanding with this kind of corporate malfeasance but I don't. I now know to stay leagues away from this company and to inform everyone I know about their nonchalant attitude towards data security and customer notifications of breaches.

Re:It Worked (0)

Anonymous Coward | about 3 months ago | (#47491445)

Yup, and I feel exactly the same way. The CEO has also been interviewed by the IT wire and others asking why it took so long and they don't answer the question!

Since they didn't address the length of time taken to inform customers or future policies regarding notifying customers in the future, I've requested that my account be deleted.

July 18th 2014 (obviously) (1)

Mr0bvious (968303) | about 3 months ago | (#47487739)

While implied in the subject, the body of the article failed to clarify that we were not told until July 18th 2014.

Re:July 18th 2014 (obviously) (0)

Anonymous Coward | about 3 months ago | (#47488001)

Well, MrObvious ...since the headline says 3 years, I believe most of us are capable of that trivial fucking bit of arithmetic.

Re:July 18th 2014 (obviously) (1)

Mr0bvious (968303) | about 3 months ago | (#47488031)

Well, Mr Anonymous Coward ...sorry I insulted your intelligence.

Though, I'm now stuck here struggling to determine whose post was more pointless, yours or mine.

But whinging aside, why leave the reader to do any arithmetic, it's just simpler to state it regardless how obvious/trivial it may be.

> I believe most of us are capable of that trivial fucking bit of arithmetic.

Though, given some replies I've seen here on /. over the years, I'm not convinced.

Online == Stolen (0)

Irate Engineer (2814313) | about 3 months ago | (#47487747)

Pretty much anything entered online == stolen.

Amirite?

Aw yeah, I'm right.

Ha ha, CAPTCHA is "redesign"

Re:Online == Stolen (2)

viperidaenz (2515578) | about 3 months ago | (#47487831)

Ha ha, CAPTCHA isn't shown when you're logged in?

Re:Online == Stolen (1)

jones_supa (887896) | about 3 months ago | (#47488039)

:D

why bother now? (1)

Trepidity (597) | about 3 months ago | (#47487781)

At this point they'd probably end up with fewer problems just by keeping it quiet forever.

Similar to (1)

meerling (1487879) | about 3 months ago | (#47487807)

It's kind of like telling someone that their Great Great Grandfather died and expecting them to congratulate them on their promptness.

Idiots (0)

Anonymous Coward | about 3 months ago | (#47487845)

Fucking idiots.

I am so glad I never gave them any credit card details despite purchasing quite a few things from them.

Complete fucking idiots.

They've lost me as a customer forever.

Total complete fucking retarded idiots.

Re:Idiots (0)

Anonymous Coward | about 3 months ago | (#47487921)

I read this in an Australian accent. It was worth it.

Also, I believe firmly in capital punishment for corporate offences (only). This would be a deserving example.

FUCK (0)

Anonymous Coward | about 3 months ago | (#47487951)

I'm a catch of the day user, I've been getting spam to my email account associated with my catch account for the last few years.

At least now I know why...

Scorecard (1)

Kris_J (10111) | about 3 months ago | (#47487959)

  • Email: aliased. One point for me.
  • Password: not the same as any other site. Another point for me.
  • Credit card: nope, use PayPal. Doesn't feel like a point for anyone.
  • Address: moved since April 2011. Three points for me, total. Three and a half, maybe.

Back to Pixel Miner.

Re:Scorecard (-1)

Anonymous Coward | about 3 months ago | (#47488101)

> ... point for me...

Buying crap on catchoftheday in the first place. 1000 points off.

Because (0)

Anonymous Coward | about 3 months ago | (#47488059)

Who's going to be pissed off about something that happened three years ago? Right?

How great (0)

Anonymous Coward | about 3 months ago | (#47488077)

That I wait much less to post first.

Bloody Wonderful! (1)

Gumbercules!! (1158841) | about 3 months ago | (#47488163)

I've used that site, too...

Not only did they take eternity to fess up but I found out about it via Slashdot - not from them. I have the same email address as 3 years ago, so I don't see why they couldn't have sent me an email??

Re:Bloody Wonderful! (0)

Anonymous Coward | about 3 months ago | (#47491465)

I received an email. Only those that signed up before May 2011 got the email.

Although I won't be surprised if they stuffed that up too.

Q&A with CotD support person ... (4, Informative)

davidmwilliams (1117749) | about 3 months ago | (#47488185)

Here is my story on this event, including (page 2) a "Q&A" I managed to get from them where they avoided most of my questions: http://www.itwire.com/business... [itwire.com]

No big harm (1)

jones_supa (887896) | about 3 months ago | (#47488213)

They won't suffer much harm business-wise, as this issue will mostly be forgotten over the weekend.

Users thought it was fishy in 2012 (4, Informative)

davidmwilliams (1117749) | about 3 months ago | (#47488239)

Catch of the day users noticed something was fishy back in February 2012. "We take data security seriously" said Catch of the Day rep. Yet CotD continued to choose not to tell anyone: http://www.itwire.com/business... [itwire.com]

password on other sites (0)

Anonymous Coward | about 3 months ago | (#47497947)

The whole point of telling customers is so they change the passwords they use on OTHER websites, that are the same as the one that is hashed.
