Catch of the Day escapes penalty over data breach

By on
Catch of the Day escapes penalty over data breach

OAIC closes investigations into COTD, Aussie Travel Cover leaks.

Deals website Catch of the Day and travel insurance company Aussie Travel Cover have avoided penalties from the Privacy Commissioner for separate large-scale data breaches.

Last July Catch of the Day revealed it had suffered a breach in 2011 in which customer passwords and some credit card details were stolen. The company claims to have more than 2 million members.

It was widely criticised for waiting three years to inform its customers of the theft of their details, and similarly for not acting immediately to inform the Australian Privacy Commissioner or the federal police of the incident.

The Office of the Australian Information Commissioner today finalised its inquiry into the breach.

Privacy Commissioner Timothy Pilgrim said the OAIC would avoid taking any further action against the company because it had been assured measures had been implemented to prevent a future breach.

Catch of the Day told Pilgrim it had compiled an internal report with 20 recommendations on ways to improve the management of its customers' privacy.

Pilgrim said the company had three months to provide his office with a report on how those recommendations had been implemented.

He told Catch of the Day to "improve its processes for notifying customers of data breach incidents in future", pointing out the "significant delay" between when the company became aware of the incident and when it notified its customers. 

While stating he would not pursue further action, Pilgrim did say the OAIC may conduct future enquiries if it received complaints from those negatively affected by the breach.

No fines for Aussie Travel Cover

Travel insurance company Aussie Travel Cover similarly managed to avoid any penalties for its own data breach earlier this year, in which a hacker named Abdilo claimed to have obtained almost 900,000 customer details.

The files were later revealed to be corrupted.

Pilgrim today said in light of the "prompt action" taken by the company to address the breach - including notifying customers and remediating systems  - the OAIC would not take further action.

He revealed that only 133 insurance agents and four policy holders had their full customer record accessed in an uncorrupted format.

The OAIC's investigation into the breach is now closed, Pilgrim said, but could similarly be opened should his office receive complaints from affected customers.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
aussie travel cover breach catch of the day oaic security
In Partnership With

Most Read Articles

NBN Co says fibre-to-the-curb build is more complex than it hoped

NBN Co says fibre-to-the-curb build is more complex than it hoped
US military weapons systems found to have vulnerabilities

US military weapons systems found to have vulnerabilities
NBN Co explores 'FTTN in a box' for emergency network fixes

NBN Co explores 'FTTN in a box' for emergency network fixes
How Woolworths landed in 'really bad shape' with Salesforce

How Woolworths landed in 'really bad shape' with Salesforce
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018

Events

Log In

Username / Email:
Password:
  |  Forgot your password?