Companies that suffer security breaches in which customer data is put at risk should be publicly named, according to silicon.com readers.
Last week silicon.com revealed that a potential security breach at a UK-based online retailer is being investigated and has led to thousands of MasterCard and Visa holders having their credit cards cancelled.
And now silicon.com readers - many of them card holders who have been affected - are calling for the retailer's name to be made public.
A reader - among those to have their card replaced - said: "As one of those 4,000 affected, I believe that if there is no doubt as to where the data originated then we should be made aware of that fact."
Another anonymous reader added: "It is not acceptable for the name of the retailer to be kept secret. The public have a right to know."
A marketing director called Iain pointed out that US companies have different rules to follow: "If this happened in [the] US, the retailer would be exposed and hit with hefty PR and financial costs. Not much point in having Data Protection laws if they only generate a slap on the wrist."
Stuart Horner, a managing director from Sheffield, said: "I fully agree that the retailer should be named - if only to protect future users of their site. I will be reviewing my use of internet retailers in the future."
In the UK, companies are not required to go public with data breaches, in contrast to California - and soon possibly the whole of the US - where legislation requires them to do so.
A spokesman for the Information Commissioner's Office (ICO) said there is nothing in the Data Protection Act to require a company to inform either its customers or the ICO if a data breach has occurred but added: "If a company has a breach then it would help us if they let us know... In terms of us taking action, if we receive a complaint we will investigate in the normal way."
Comments
There are 10 comments.
1. anonymous
Finding the name of the etailer could be quite easy. My UK Mastercard is being replaced... but as I've lived overseas for over a year I've only done a small number of online transactions. As my card has been cancelled, so also has online access to my account... but from memory the major UK etailers I have dealt with include, but are not limited to, [names omitted].
Clearly you need to be responsible journalists and not publish this list which thus might harm innocent parties, but a quick private poll amongst those who have commented might score a quick hit.
[Ed note: You're right, we can't publish likely names without proof or the retailer holding up its hands. We have been asking every reader who has contacted us and we now have a pretty short short-list.]
2. Angus Doyle
There must be something that could be done to publicly name the company that was targeted by this lapse in security.
Frankly it's an outrage that no-one is coming forward on this. The retailer must be a big one to deploy such a huge hush campaign.
The People DEMAND to know.
3. anonymous
Now that you may have found the name of the etailer...
Surely now that silicon.com has that short short-list of all the potential etailers possibly including the one that caused this security issue, can silicon.com not contact these etailers asking for a comment. Perhaps this will press them into coming clean.
This would be exciting investigative journalism and be hugely beneficial to your loyal readers. ;-)
[Ed note: We're on the case.]
4. anonymous
This case gets publicity because it involves an online retailer. But how is a security breach for an online retailer any different from one in a traditional shop?
Does anyone ever question the measures a conventional retailer uses to protect your data?
I would suggest that your details are much more at risk from a low paid, part time shop worker than hi tech hackers.
The simple truth is that your financial details are potentially at risk every time you supply them to a third party - be that on the web or in person.
5. chris ramsay
I for one would like to know who it is in order to avoid them in future...
6. anonymous
Whoever it was, IMHO they are shooting themselves in the foot by trying to cover it up. If they squirm while the truth is forced out of them, no-one will ever trust them again. A name will be named sooner or later. What are they doing, hoping that someone will get the wrong name?
Much better to be up-front and clear the air.
It's about time our respected EU institutions got off their backsides and produced some legislation about this.
7. David
Hey people...... so it was your credit card details this time.......... How do you feel about I.D. cards now?
If you get my point...... Those crackers/leakers are going to have a field day with your personal I.D. info
Be afraid of Whitehall be very afraid?
8. anonymous
I don't really see why anyone is that bothered, it is only Mastercard that are losing out. Sure you have the inconvenience of not having your card for a few days (maybe a week) while they replace it, but we all have alternatives - I'm a student and could live (and have lived) for a week quite easily without my Mastercard.
At the end of the day, sure I would be interested, but not particularly concerned.
9. Peter Olivier
I agree, my wife discovered an unauthorised transaction on our account shortly after making several internet transactions on Friday and I would like to know whether this could have been related. Her card has now been stopped and she has to suffer the inconvenience of waiting for a new one to be issued. I am now going to open an account for internet transactions only, keeping sufficient funds to support these transactions in it.
10. Charles R. Haggard
What about NHS Trusts that breach patient confidentiality? Should we pursue them too?