Catch of the Day escapes penalty over data breach

By on
Catch of the Day escapes penalty over data breach

OAIC closes investigations into COTD, Aussie Travel Cover leaks.

Deals website Catch of the Day and travel insurance company Aussie Travel Cover have avoided penalties from the Privacy Commissioner for separate large-scale data breaches.

Last July Catch of the Day revealed it had suffered a breach in 2011 in which customer passwords and some credit card details were stolen. The company claims to have more than 2 million members.

It was widely criticised for waiting three years to inform its customers of the theft of their details, and similarly for not acting immediately to inform the Australian Privacy Commissioner or the federal police of the incident.

The Office of the Australian Information Commissioner today finalised its inquiry into the breach.

Privacy Commissioner Timothy Pilgrim said the OAIC would avoid taking any further action against the company because it had been assured measures had been implemented to prevent a future breach.

Catch of the Day told Pilgrim it had compiled an internal report with 20 recommendations on ways to improve the management of its customers' privacy.

Pilgrim said the company had three months to provide his office with a report on how those recommendations had been implemented.

He told Catch of the Day to "improve its processes for notifying customers of data breach incidents in future", pointing out the "significant delay" between when the company became aware of the incident and when it notified its customers. 

While stating he would not pursue further action, Pilgrim did say the OAIC may conduct future enquiries if it received complaints from those negatively affected by the breach.

No fines for Aussie Travel Cover

Travel insurance company Aussie Travel Cover similarly managed to avoid any penalties for its own data breach earlier this year, in which a hacker named Abdilo claimed to have obtained almost 900,000 customer details.

The files were later revealed to be corrupted.

Pilgrim today said in light of the "prompt action" taken by the company to address the breach - including notifying customers and remediating systems  - the OAIC would not take further action.

He revealed that only 133 insurance agents and four policy holders had their full customer record accessed in an uncorrupted format.

The OAIC's investigation into the breach is now closed, Pilgrim said, but could similarly be opened should his office receive complaints from affected customers.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
aussie travel cover breach catch of the day oaic security
In Partnership With

Most Read Articles

Google ordered to reveal identity of anonymous reviewer

Google ordered to reveal identity of anonymous reviewer
CBA vows 95 percent public cloud as it culls 25 percent of apps

CBA vows 95 percent public cloud as it culls 25 percent of apps
ANZ and CBA push for consolidation of EFTPOS, BPAY and NPP

ANZ and CBA push for consolidation of EFTPOS, BPAY and NPP
Broadband tax bill gets senate committee green light

Broadband tax bill gets senate committee green light
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Driving business innovation through private cloud solutions
Driving business innovation through private cloud solutions
Future proofing your datacentre with hyperconverged infrastructure
Future proofing your datacentre with hyperconverged infrastructure
The Network for the Digital Business Starts with the Secure Access Service Edge (SASE)
The Network for the Digital Business Starts with the Secure Access Service Edge (SASE)
Are you getting profitable outcomes from your IT?
Are you getting profitable outcomes from your IT?
Your Microsoft Security journey starts here
Your Microsoft Security journey starts here

Events

Log In

Username / Email:
Password:
  |  Forgot your password?