Catch of the Day escapes penalty over data breach

By on
Catch of the Day escapes penalty over data breach

OAIC closes investigations into COTD, Aussie Travel Cover leaks.

Deals website Catch of the Day and travel insurance company Aussie Travel Cover have avoided penalties from the Privacy Commissioner for separate large-scale data breaches.

Last July Catch of the Day revealed it had suffered a breach in 2011 in which customer passwords and some credit card details were stolen. The company claims to have more than 2 million members.

It was widely criticised for waiting three years to inform its customers of the theft of their details, and similarly for not acting immediately to inform the Australian Privacy Commissioner or the federal police of the incident.

The Office of the Australian Information Commissioner today finalised its inquiry into the breach.

Privacy Commissioner Timothy Pilgrim said the OAIC would avoid taking any further action against the company because it had been assured measures had been implemented to prevent a future breach.

Catch of the Day told Pilgrim it had compiled an internal report with 20 recommendations on ways to improve the management of its customers' privacy.

Pilgrim said the company had three months to provide his office with a report on how those recommendations had been implemented.

He told Catch of the Day to "improve its processes for notifying customers of data breach incidents in future", pointing out the "significant delay" between when the company became aware of the incident and when it notified its customers. 

While stating he would not pursue further action, Pilgrim did say the OAIC may conduct future enquiries if it received complaints from those negatively affected by the breach.

No fines for Aussie Travel Cover

Travel insurance company Aussie Travel Cover similarly managed to avoid any penalties for its own data breach earlier this year, in which a hacker named Abdilo claimed to have obtained almost 900,000 customer details.

The files were later revealed to be corrupted.

Pilgrim today said in light of the "prompt action" taken by the company to address the breach - including notifying customers and remediating systems  - the OAIC would not take further action.

He revealed that only 133 insurance agents and four policy holders had their full customer record accessed in an uncorrupted format.

The OAIC's investigation into the breach is now closed, Pilgrim said, but could similarly be opened should his office receive complaints from affected customers.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
aussie travel cover breach catch of the day oaic security
In Partnership With

Most Read Articles

NBN Co says 'not possible' to show cheapest FTTP connections

NBN Co says 'not possible' to show cheapest FTTP connections
Sydney man allegedly stole $600k of AWS Snowball drives

Sydney man allegedly stole $600k of AWS Snowball drives
NBN speed standards emerge at top tiers

NBN speed standards emerge at top tiers
DTA calls out contractors and consultants as barriers to change

DTA calls out contractors and consultants as barriers to change
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report
The business case for hyperconvergence
The business case for hyperconvergence
What Every CIO Should Know about DevOps & Container Guides by Puppet
What Every CIO Should Know about DevOps & Container Guides by Puppet
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators

Events

Log In

Username / Email:
Password:
  |  Forgot your password?