Catch of the Day reveals three-year old data breach

Powered by SC Magazine
 

Delays advising customers of early 2011 "cyber intrusion".

Daily deals website Catch of the Day last night revealed it had suffered a serious data breach in 2011 that led to customer passwords and a number of credit card details being stolen.

Catch of the Day, which also owns Scoopon and GroceryRun, among others, said it had been targeted by an "illegal cyber intrusion" which had compromised names, addresses, email details, hashed passwords and in some cases, credit card details. It said other websites in its portfolio had not been targeted.

Although the company said in its advisory it had reported the hacking to police, banks and credit card issuers "immediately" after the attack, it did not tell the Australian Privacy Commissioner until an unspecified time after the breach.

Catch of the Day decided only to now advise customers with accounts created before May 7 2011 to change their passwords because "technological advances" meant there was an increased risk of the stolen hashed passwords becoming compromised. 

Users who had changed their password since May 2011 need take no action, it advised.

The company did not reveal how many customers were affected by the breach, but said "only a relatively small portion" of users had credit card details compromised.

It told users its security networks were "continually evolving" and had undergone "major upgrades" to keep in line with industry standards and best practices.

Catch of the Day's passwords are salted and it adopts "industry standard protection measures".

"We have better technology, better procedures and a bigger team dedicated to ensuring your experience with us is safe and secure. We regularly undertake external reviews and audits to ensure that our sites and your data are as secure as possible," Catch of the Day advised its customers.

"We sincerely apologise to our loyal customers that these events occured and can assure you that we have dedicated significant resources to security and privacy to avoid these events in the future."

Catch of the Day has been contacted by iTnews for further detail.

Copyright © iTnews.com.au . All rights reserved.


Catch of the Day reveals three-year old data breach
 
 
 
Top Stories
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 845

Vote