On January 13, I wrote:
And for Tuesday’s edition of “How Not to Handle a Reported Breach,” we give you….. (drum roll)…. Boomerang Rentals.
Although Boomerang has continued to investigate claims of a breach resulting in fraudulent charges, and has brought in a third party to assist in their investigation, they still haven’t notified consumers of the situation.
Given that there are reports of fraud, wouldn’t it be prudent of them to notify everyone and say, “Look, we have not found any evidence of any breach of our system, but we’d rather err on the side of caution, so do be careful out there and check your card statements, etc…”?
But now things have gotten even worse, in my opinion. Seen on Twitter this morning (and sent to me by a reader of this blog):
Wow. @boomeranggames blocked me after I told them about a SQL Injection vulnerability in their site. Really taking security seriously? 🙁
— Danny Tuppeny (@DanTup) January 23, 2015
Yes, Boomerang. Put your head in the sand on Twitter. That’s sure to make things better.