In an email sent to Vudu subscribers today, the company stated that there was a break-in at one of its brick-and-mortar offices and that a number of hard drives were stolen. Unfortunately, these drives contained sensitive account information, including:
“…customer information, including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers. It’s important to note that the drives did NOT contain full credit card numbers, as we do not store that information.”
The email goes on to state:
“While the stolen hard drives included VUDU account passwords, those passwords were encrypted…”
This begs the question: why didn’t the company have the foresight to encrypt the entire drive? I have worked for small and large companies that make it a habit for drives to be encrypted – just in case. Although most have the policy for portable devices, some also extend the policy to fixed systems. Somehow it just makes good sense.
Consumer confidence is hard to win but easy to lose. Events like this are a blow to the online purchasing community, whether the purchase is streaming videos or the latest fashion. Security compliance officers MUST protect their most valuable asset: their loyal customers’ sensitive personal data.
Keep Pushing Forward.