Quote:
Originally Posted by brong
The issue has now been escalated directly to me, and I have replied outlining both the steps we have taken, my apology on behalf of the entire company, and what we can do in future to monitor the address and see if the exposure to a known third party has resulted in it being used by spammers.
I am quite happy to have all our interactions published.
My apologies for the delay in posting that initial response here. When I became aware of the issue, I was on a standing-room-only train at the time traveling to my father-in-law's house for family dinner.
Given that there was no timely element involved:
* the exposed data was an email address
* the related threat is receiving spam messages to the primary account name
* the mitigation is renaming the account, which can happen at any time and stop the flow of spam
* there was no evidence that there was an immediate flood of spam to the account, so delaying that rename by some hours made no difference
.. and since I've been overseas for the last month and this family dinner was the first one in a while, I politely waited until after dinner to sit down at my laptop and give this issue my full attention.
If my assessment of the urgency was incorrect, I apologise for that as well.
Regards,
Bron.
|
The related threat is that the email address is being given out to an outside company (& in another country) which could itself suffer a data breach. And many of theses breaches aren't know/admitted until years later .
In future as you are going to continue this practice. How about automatically creating an alias within each account & giving that out to your survey friends & whoever else instead of giving out our login email