RegistratioNation is a provider of automated online payment processing and database management for event registrations. On December 23, their attorneys notified the New Hampshire Attorney General’s Office of an intrusion that occurred on November 4, 2013. The intrusion was discovered on November 22, and during investigation, the firm discovered that although payment card information was supposed to be collected and handled by its unnamed third party payment processors, “a backup of ” some customers’ information had inadvertently remained on their server and may have been accessed.
Customer information on their server included customers’ names, dates of birth, card numbers and security codes, and billing addresses. Twenty-six New Hampshire residents are being sent letters this week; the total number affected was not indicated.
RegistratioNation removed the malicious code from its server and has taken steps to ensure that customer data is not stored on its server in the future. Customers were not offered any free services, but were advised to check their statements and to continue to do so going forward. The firm had no reports of misuse of the information.
You can read their notification to NH and affected customers here (pdf).
So here’s another case where customers are not being offered any compensation, and perhaps I should be as disappointed in them as I was with Orient-Express Hotels. But I think the difference is that Orient-Express Hotels charges its customers a bundle for its travel services, whereas RegistratioNation makes less money off each customer.
Update: 90 Maryland residents were also affected.