An Aussie boss at the insecurity outfit Symantec is furious that his credit card details were leaked by a Melbourne restaurant.
Craig Scroggie, who earns a crust flogging security products to prevent this sort of thing happening, told a Symantec roundtable discussion in Sydney that his case highlighted the need for mandatory privacy breach notification laws.
According to the Sydney Morning Herald, Scroggie’s credit card data was leaked via email when a Melbourne restaurant, at which he was a member, attempted to have its summer menu sent out to clients. Apparently, instead of attaching the menu, it sent out the unencrypted client database to members.
What got Scroggie’s goat was that he only found out about the breach after a follow-up email was sent informing him of the incident.
Scroggie said it would be a wise idea for governments to introduce laws requiring companies to notify customers as soon as a data breach has occurred.
In Australia, the government has been sitting on such law reform since 2008. Scroggie believes this is probably because it would reveal embarrassing data breaches within the government.
Many organisations in Australia are not required to own up to a data breach that has happened. In many US states, however, organisations must disclose such breaches.
Scroggie deleted the initial email he received because he did not want to read the menu. After being informed of the breach, he recovered it to see which details were leaked.