BreachExchange mailing list archives
Fwd: Important Notice
From: Alton Blom <altonius () gmail com>
Date: Fri, 18 Jul 2014 17:33:22 +1000
Here's a recent notification for a breach in 2011 for an Australian company.

---------- Forwarded message ----------
From: CatchOfTheDay Newsletter <newsletter () edm catchoftheday com au>
Date: Fri, Jul 18, 2014 at 5:21 PM
Subject: Important Notice

[image: Catch of the Day]

Data security is very important to us, which is why we need to let you know about some developments affecting member accounts created before 7 May 2011.

If you have not changed your password on Catchoftheday.com.au since 7 May 2011, we advise you to change your password. If you have changed your password since that time, no further action on our website is necessary, but we nevertheless encourage our users to regularly change their passwords.

It is always good practice to have unique passwords for every website that you use. If you used the same password for Catchoftheday.com.au as other websites in 2011 we recommend that you change all of those passwords as well.

In early 2011, Catchoftheday and other online retailers were targeted by an illegal cyber intrusion, which compromised names, delivery addresses, email addresses and hashed (encrypted) passwords. In some cases credit card data was compromised. Other websites in our Group were not affected.

At the time, we immediately informed police, banks and credit card companies who assisted us in taking action to protect our users, which included cancelling credit cards and launching investigations into the perpetrators. We have also since informed the Australian Privacy Commissioner.

With technological advances it means there is an increasing risk that those hashed passwords may become compromised, which is why we are asking all those users with accounts created before 7 May 2011 to change their passwords.

Our security networks are continually evolving and have undergone major upgrades to keep in line with industry standards and best practices. We have better technology, better procedures and a bigger team dedicated to ensuring your experience with us is safe and secure. We regularly undertake external reviews and audits to ensure that our sites and your data are as secure as possible.

We sincerely apologise to our loyal customers that these events occurred and can assure you that we have dedicated significant resources to security and privacy to avoid these events in future.

If you need more information, please read below.

*How do I change my password?*
You can change your password by logging into your account, clicking 'My Account' in the right hand corner, and then the 'Password' tab.

*How do I know if I was affected?*
Only accounts created before 7 May 2011 are affected and only those users are receiving this email. If your account was created after that date, you do not have to do anything. However, we recommend all users regularly change their passwords.

*What information do you currently have about me?*
We generally only store what we need to complete a transaction. We require your name and delivery address details so we can send items to you and your email so we can contact you. We do not store a full credit card number and payments are processed through a third party bank. More information about what we collect can be found in our Privacy Policy, viewable here <http://www.catchoftheday.com.au/privacy>.

*Was my credit card compromised?*
The incident occurred in late April and early May 2011, when a string of attacks occurred against other online retailers and businesses. Only a relatively small portion of users had credit card information compromised. The vast majority of users were not affected in this way. Catchoftheday does not store full credit card data and credit card payments are processed through a third party bank. At the time, the incident was reported to relevant banks and card companies, who enacted their own fraud prevention measures which included cancelling cards. If you are still concerned, we advise you to contact your bank.

*What is password hashing?*
Password hashing is similar to encryption, and turns password data into a fixed length code or 'fingerprint', so a password can be securely stored. This is known as a 'hash'. You cannot log into a website using just the hash. Our passwords are also 'salted', adding an extra layer of protection, and we adopt industry standard protection measures.

*What is a good password?*
A good password contains a combination of randomised letters (both upper and lower case), numbers and symbols and is over 8 characters long.

*What can I do to protect my data online?*
While we do everything we can to ensure your data remains secure, regularly changing passwords is your best defence for online security compromises. We advise you change your password at least once every three to four months. For more information on how to protect data online visit the Privacy Commissioner's website here <http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-8-ten-steps-to-protect-your-personal-information>.

Australia's number 1 online buying group
CatchOfTheDay.com.au <http://catchoftheday.com.au> Pty Ltd (ABN: 22 149 779 939) of 767 Springvale Road, Mulgrave, 3170, Victoria, Australia.
Contact us by email: customerservice () catchoftheday com au
To change your subscription preferences or unsubscribe click here <http://rdir.catchoftheday.com.au/d/d.html?q00dt0400cbmz400b0000i30000000000otyqkly1332>