Catch of the Day owns up to 2011 hacking

Online retailer admits customer information stolen, three years after attack.
 
Learn more
 
 
 
 
 

01.Credit cards and passwords at risk

cn-catch-of-the-day-hacked-lead

Online retailer Catch of the Day has finally owned up to being hacked more than three years ago, with user names, addresses, passwords and credit card data potentially put at risk

While the attack occurred in early 2011, customers weren't contacted until late last week.

The company hasn’t revealed the full extent of the breach, but explained that encrypted data that was potentially safe in 2011, is now at risk of being compromised. "As technology advances, there is a risk that those hashed [encrypted] passwords become compromised and Catch of the Day decided in light of these developments to proactively inform customers," they said. 

In a statement released to their customers, Catch of the Day also admitted that credit card information had been stolen during the breach. Security has since improved according to Catch Group (the company behind Catch of the Day) Executive General Manager Jason Rudy.

“Our website security and technology is continually evolving and has undergone continual upgrades to keep in line with industry standards and best practices,” he said. "We have committed significant resources both internally, with a large dedicated team and externally via expert consultants to ensure we meet industry standards.”

While banks, police and credit card companies were reportedly informed at the time and cancelled affected credit cards, the Australian Privacy Commissioner, Timothy Pilgrim, however, was not notified until June this year, according to a report on tech site ZDNet. The company strongly recommends all users, especially those who had signed up before May 2011, change their passwords.

Catch of the Day claimed that other online stores had also been attacked during the breach, however they didn’t specify which ones. One popular retailer, Kogan, quickly confirmed in a statement on its Facebook page that it was not affected.

Kogan 'not compromised'

“For the avoidance of doubt, we would like to assure all Kogan.com customers that we were not affected by the security breach impacting the daily deals website, and the first we heard of it was also late on Friday,” Kogan said. “All Kogan.com customer data is safe and always has been. No Kogan.com customer data has ever been compromised.”'

Following the news, Catch of the Day customers turned to social media to air their frustration with the delayed notification and difficulties in cancelling their accounts. Rather than offer a simple user-end option, Catch of the Day asked its customers to contact them directly via their live chat service, and manually request an account cancellation.

Difficulty closing account

Former customer Mark Focas contacted CHOICE after he had trouble closing his account. “I looked it up, but there was no information on the site anywhere on how to delete an account,” he explained. “So I got hold of the online chat, I talked to them and they said they'd have to send it off to their service team, which would take 24 to 48hours, and they'd need my email address to do it.”

Mark said that even though he considered himself a proficient computer user with plenty of online experience, he found the whole process difficult. “Eventually I found it [the solution] on one of the pages, but it wasn't obvious straight away,” he said. “It tried to send you through the FAQ, but there was nothing there.”

After 10 minutes on chat, Catch of the Day agreed to close Mark’s account and delete all his data, including his transition history. About 32 hours had passed at the time of writing and Mark said he hadn’t heard back from Catch of the Day on whether they’d followed his request.

Mark said that while he understood that online data breaches were commonplace, it was the handling of the situation that frustrated him the most.

“I would’ve expected to go to the site and seen a reasonably big notice, to me it seems like they're really not being upfront,” he said.

“They've waited three years and now that they have come forward they seem to be avoiding publicity as much as they can.”

This article has been updated following contact from Catch of the Day

 
 

 

Sign up to our free
e-Newsletter

Receive FREE email updates of our latest tests, consumer news and CHOICE marketing promotions.

 
Your say - Choice voice

Make a Comment

Members – Sign in on the top right to contribute to comments