Home page logo

dataloss logo Data Loss mailing list archives

Fwd: Important Notice
From: Alton Blom <altonius () gmail com>
Date: Fri, 18 Jul 2014 17:33:22 +1000

Here's a recent notification for breach in 2011 for an australian company.

---------- Forwarded message ----------
From: CatchOfTheDay Newsletter <newsletter () edm catchoftheday com au>
Date: Fri, Jul 18, 2014 at 5:21 PM
Subject: Important Notice

       [image: Catch of the Day]   [image: Catch of the Day]   [image:
Catch of the Day]

Data security is very important to us, which is why we need to let you know
about some developments affecting member accounts created before 7 May 2011.

If you have not changed your password on Catchoftheday.com.au since 7 May
2011, we advise you to change your password. If you have changed your
password since that time, no further action on our website is necessary,
but we nevertheless encourage our users to regularly change their passwords.

It is always good practice to have unique passwords for every website that
you use. If you used the same password for Catchoftheday.com.au as other
websites in 2011 we recommend that you change all of those passwords as

In early 2011, Catchoftheday and other online retailers were targeted by an
illegal cyber intrusion, which compromised names, delivery addresses, email
addresses and hashed (encrypted) passwords. In some cases credit card data
was compromised. Other websites in our Group were not affected.

At the time, we immediately informed police, banks and credit card
companies who assisted us in taking action to protect our users, which
included cancelling credit cards and launching investigations into the

We have also since informed the Australian Privacy Commissioner.

With technological advances it means there is an increasing risk that those
hashed passwords may become compromised, which is why we are asking all
those users with accounts created before 7 May 2011 to change their

Our security networks are continually evolving and have undergone major
upgrades to keep in line with industry standards and best practices. We
have better technology, better procedures and a bigger team dedicated to
ensuring your experience with us is safe and secure. We regularly undertake
external reviews and audits to ensure that our sites and your data are as
secure as possible.

We sincerely apologise to our loyal customers that these events occurred
and can assure you that we have dedicated significant resources to security
and privacy to avoid these events in future.

If you need more information, please read below.

*How do I change my password?*

You can change your password by logging into your account, clicking 'My
Account' in the right hand corner, and then the 'Password' tab.

*How do I know if I was affected?*

Only accounts created before 7 May 2011 are affected and only those users
are receiving this email. If your account was created after that date, you
do not have to do anything. However, we recommend all users regularly
change their passwords.

*What information do you currently have about me?*

We generally only store what we need to complete a transaction. We require
your name and delivery address details so we can send items to you and your
email so we can contact you.

We do not store a full credit card number and payments are processed
through a third party bank.

More information about what we collect can be found in our Privacy Policy,
viewable here <http://www.catchoftheday.com.au/privacy>.

*Was my credit card compromised?*

The incident occurred in late April and early May 2011, when a string of
attacks occurred against other online retailers and businesses.

Only a relatively small portion of users had credit card information
compromised. The vast majority of users were not affected in this way.
Catchoftheday does not store full credit card data and credit card payments
are processed through a third party bank.

At the time, the incident was reported to relevant banks and card
companies, whom enacted their own fraud prevention measures which included
cancelling cards. If you are still concerned, we advise you to contact your

*What is password hashing?*

Password hashing is similar to encryption, and turns password data into a
fixed length code or 'fingerprint', so a password can be securely stored.
This is known as a 'hash'. You cannot log into a website using just the

Our passwords are also 'salted', adding an extra layer of protection, and
we adopt industry standard protection measures.

*What is a good password?*

A good password contains a combination of randomised letters (both upper
and lower case), numbers and symbols and is over 8 characters long.

*What can I do to protect my data online?*

While we do everything we can to ensure your data remains secure, regularly
changing passwords is your best defence for online security compromises. We
advise you change your password at least once every three to four months.

For more information on how to protect data online visit the Privacy
Commissioner's website here
           Australia's number 1 online buying group

CatchOfTheDay.com.au <http://catchoftheday.com.au> Pty Ltd (ABN: 22 149 779
939) of 767 Springvale Road, Mulgrave, 3170, Victoria, Australia.
Contact us by email: customerservice () catchoftheday com au

To change your subscription preferences or unsubscribe click here
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 


Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!

  By Date           By Thread  

Current thread:
  • Fwd: Important Notice Alton Blom (Jul 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]