Criminals Benefit From Catch of the Day Failure To Disclose Email Theft
Being the victim of a hack attack is something no end user or company ever wants, but according to numerous reports, Australian customers of COTD were the “CatchOfTheDay” back in April and May 2011.
While news of the breach has been widely reported by media companies, the company itself appears to be hiding behind a wall of silence in the same way that it did back in 2011.
COTD’s home page carries no notice of any breach, nor does its “about” page, “blog” page or “press” page refer to the recent notification of a breach.
COTD’s “about” page boasts various facts and figures about the company, from it having started in October 2006, to the company being the No.1 Australian “shopping site” with 14.74% of all retail traffic.
The retailer also boasts of having over 2 million registered members, selling on average one item every second of every day, and of never having to buy subscriber lists.
Its “press” page boasts of wide press coverage, including clips from TV shows such as Today Tonight, but oddly, there is no mention whatsoever of the highly embarrassing security breach.
The company did issue an “important notice” to its customers on the evening of Friday the 18th of July 2014, and noted that while it had notified relevant banking authorities of the breach, it hadn’t notified its users, with the company finally and belatedly apologising for the security breach – although without any explanation for why the years-long delay took place.
It has also emerged that Catch of the Day customers had noticed unexpected spam arriving as far back as 2012 at email addresses that had been set up exclusively for use with the Catch of the Day site.
Complaints started arriving at Australian tech forum Whirlpool where “forum regular Nachoman” posted on the 24th of February 2012 that “I have started receiving spam from ‘mynetsale.com.au’ to an email address I’ve used only with catchoftheday.com.au”.
This was followed up by other users claiming to have experienced the same issue, with Nachoman adding “I wonder then if COTD gave our details to another party, or if they were hacked? I hope my credit card details are safe.”
A user named Seamus who claimed to work for Catch of the Day said to users “Can you please email me any examples (email address is listed in profile)? Catch takes information security very seriously and will investigate as a matter of priority.”
Unfortunately for users, Seamus never responded to the spam mail issue, despite responding to various other questions and complaints, which in the light of the 2011 breach seems to indicate Catch of the Day didn’t take the complaints seriously at all.
Smarthouse.com.au has contacted the Office of the Australian Information Commissioner to discover whether its staff have been notified of the breach.