Ben Grubb reports:
Security firm Symantec’s Australian chief has revealed how his personal credit card details were leaked by a Melbourne restaurant, which he said highlighted the need for mandatory privacy breach notification laws.
[…]
Scroggie’s credit card data was leaked via email when a Melbourne restaurant at which he was a member attempted to have its summer menu sent out to clients. But instead of attaching the menu, it sent out the client database (unencrypted) to members.
[…]
He said he deleted the initial email received – which included his and other members’ unencrypted credit card details, emails and names – because he did not want to read the menu. After being informed, he recovered it to see what details were leaked.
Once verifying the breach, Mr Scroggie telephoned the restaurant (which he would not name) to inquire about the incident. He said staff were “very, very embarrassed” by the fiasco and blamed a third party who managed their menu subscriber email database.
Read more in The Age, where Grubb and Asher Moses discuss the data breach situation in Australia, calls for mandatory breach notification, and whether estimates of what breaches cost are accurate.