Thursday, August 13, 2015
How long is too long for responsible disclosure?
The fact that bank account details and other personal data of some 2.4 million Carphone Warehouse customers has been compromised is bad enough; that this news broke over the weekend is even worse. Try dealing with your bank or credit card provider on a Saturday or Sunday, in order to notify them of a potential compromise of your data and request they monitor accounts for unusual activity, and you'll know exactly what I mean. Online banking may well be 24/7 but customer service and support simply does not function in the same way out here in the real world of outsourced call centres and departmental hoops that need jumping through. Of course, it's not the fault of Carphone Warehouse that it discovered the breach over the weekend is it? Apart that in actual fact it discovered the breach on the Wednesday, that's some three days before it disclosed it to customers whose data may be at risk.