iTnews

Catch of the Day reveals three-year old data breach

By Allie Coyne on Jul 19, 2014 8:46AM
Catch of the Day reveals three-year old data breach

Delays advising customers of early 2011 "cyber intrusion".

Daily deals website Catch of the Day last night revealed it had suffered a serious data breach in 2011 that led to customer passwords and a number of credit card details being stolen.

Catch of the Day, which also owns Scoopon and GroceryRun, among others, said it had been targeted by an "illegal cyber intrusion" which had compromised names, addresses, email details, hashed passwords and in some cases, credit card details. It said other websites in its portfolio had not been targeted.

Although the company said in its advisory it had reported the hacking to police, banks and credit card issuers "immediately" after the attack, it did not tell the Australian Privacy Commissioner until an unspecified time after the breach.

Catch of the Day decided only to now advise customers with accounts created before May 7 2011 to change their passwords because "technological advances" meant there was an increased risk of the stolen hashed passwords becoming compromised. 

Users who had changed their password since May 2011 need take no action, it advised.

The company did not reveal how many customers were affected by the breach, but said "only a relatively small portion" of users had credit card details compromised.

It told users its security networks were "continually evolving" and had undergone "major upgrades" to keep in line with industry standards and best practices.

Catch of the Day's passwords are salted and it adopts "industry standard protection measures".

"We have better technology, better procedures and a bigger team dedicated to ensuring your experience with us is safe and secure. We regularly undertake external reviews and audits to ensure that our sites and your data are as secure as possible," Catch of the Day advised its customers.

"We sincerely apologise to our loyal customers that these events occured and can assure you that we have dedicated significant resources to security and privacy to avoid these events in the future."

Catch of the Day has been contacted by iTnews for further detail.

WebRep
 
currentVote
 
 
noRating
noWeight
 
 
 
 
 
 
 
 
 
 
 
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
catch of the day data breach security

Partner Content

Beat the DDoS blackmails in 2021
Partner Content Beat the DDoS blackmails in 2021
Why companies fail at picking cloud modernisation partners
Partner Content Why companies fail at picking cloud modernisation partners
Shut the door on ransomware
Partner Content Shut the door on ransomware
MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Beat the DDoS blackmailers in 2021
By Allie Coyne
Jul 19 2014
8:46AM
0 Comments

Related Articles

  • BTC Markets exposes customer names, emails in botched blast send
  • Orchard worker recruiter exposed sensitive personal data
  • City of Port Phillip leaks personal details in data.gov.au blunder
  • NSW govt requests to privacy watchdog climb 171 percent
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network

Google threatens to withdraw search engine in Australia

Google threatens to withdraw search engine in Australia

Trump pardons former Google self-driving car engineer

Trump pardons former Google self-driving car engineer

NBN Co runs fixed wireless tower on diesel generator for over two years

NBN Co runs fixed wireless tower on diesel generator for over two years

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.