Catch of the Day escapes penalty over data breach

By on
Catch of the Day escapes penalty over data breach

OAIC closes investigations into COTD, Aussie Travel Cover leaks.

Deals website Catch of the Day and travel insurance company Aussie Travel Cover have avoided penalties from the Privacy Commissioner for separate large-scale data breaches.

Last July Catch of the Day revealed it had suffered a breach in 2011 in which customer passwords and some credit card details were stolen. The company claims to have more than 2 million members.

It was widely criticised for waiting three years to inform its customers of the theft of their details, and similarly for not acting immediately to inform the Australian Privacy Commissioner or the federal police of the incident.

The Office of the Australian Information Commissioner today finalised its inquiry into the breach.

Privacy Commissioner Timothy Pilgrim said the OAIC would avoid taking any further action against the company because it had been assured measures had been implemented to prevent a future breach.

Catch of the Day told Pilgrim it had compiled an internal report with 20 recommendations on ways to improve the management of its customers' privacy.

Pilgrim said the company had three months to provide his office with a report on how those recommendations had been implemented.

He told Catch of the Day to "improve its processes for notifying customers of data breach incidents in future", pointing out the "significant delay" between when the company became aware of the incident and when it notified its customers. 

While stating he would not pursue further action, Pilgrim did say the OAIC may conduct future enquiries if it received complaints from those negatively affected by the breach.

No fines for Aussie Travel Cover

Travel insurance company Aussie Travel Cover similarly managed to avoid any penalties for its own data breach earlier this year, in which a hacker named Abdilo claimed to have obtained almost 900,000 customer details.

The files were later revealed to be corrupted.

Pilgrim today said in light of the "prompt action" taken by the company to address the breach - including notifying customers and remediating systems  - the OAIC would not take further action.

He revealed that only 133 insurance agents and four policy holders had their full customer record accessed in an uncorrupted format.

The OAIC's investigation into the breach is now closed, Pilgrim said, but could similarly be opened should his office receive complaints from affected customers.

Copyright © iTnews.com.au . All rights reserved.
Tags:
aussie travel cover breach catch of the day oaic security

Most Read Articles

Fujitsu declares Sydney SAN crash a 'major incident'

Fujitsu declares Sydney SAN crash a 'major incident'
Telstra to launch low-cost mobile brand

Telstra to launch low-cost mobile brand
NBN Co to start DOCSIS 3.1 field trials in February

NBN Co to start DOCSIS 3.1 field trials in February
Westpac sees big early savings from cloud shift

Westpac sees big early savings from cloud shift
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education
Breach Level Index Report
Breach Level Index Report

Events

Log In

Username:
Password:
|  Forgot your password?