September 18, 2007

Internet Retailer Security Breach Impacts Yours Truly

I received a letter today from the folks at Internet Retailer, stating that their customer information had been breached (which would be my information), including potentially my credit card number and e-mail address.

This report has been confirmed on The Breach Blog.

Internet Retailer chose to not report their own breach on their homepage, as of 9/18/2007, 3:12pm PDT.

Interestingly, Internet Retailer has a long history of talking about security shortcomings, telling others what they must do to improve security.

The letter I received does offer an apology, which is appreciated. The letter gives me steps to take to protect my credit information. Internet Retailer does not offer me anything, as a loyal customer, in exchange for a very serious mistake that may significantly impact my life: no discount on a future publication, no free reports, nothing.

Obviously, businesses face tremendous challenges protecting customer information. No business is perfect. Evil seeks to disrupt.

This is a great example for bloggers, vendors and pundits who constantly poke fun at everybody else, those who constantly criticize companies and individuals for their shortcomings. Today, you are the judge and jury. Tomorrow, it may be you that is being judged.

4 comments:

  1. Paul McEnany, 8:25 PM

    I got the same letter, and I actually had my credit card number stolen, as well. I can't prove that it was because of this theft because I bought a couple of other things online around the same time, but I would suspect so. Luckily Wamu was actually really good about it and called me before I even knew.

    I was left feeling a little cold from the letter, though. Don't think I'll be using their resources again any time soon...

  2. I had the same thing happen. I blogged about it; I was most surprised that it took 12 days for the letter to get here.

  3. I spoke with folks at Internet Retailer this afternoon, and have a better understanding of some of the issues. Hopefully at some point, more information can be shared.

  4. Anonymous, 6:05 PM

    Got my letter ... 45 days after the fact.

    Did one step better and reported them to the card associations along with the fact that they should not have been storing card data insecurely and the site was not PCI DSS compliant.

    Good for a $250K fine from each of Mastercard and Visa.
