Yesterday, customers of the streaming video service company Vudu began receiving emails alerting them to a theft that occurred in the company’s offices TWO WEEKS ago, on March 24. According to Vudu, the hard drives that were stolen definitely contain sensitive personal information, including but not limited to: names, e-mail addresses, postal addresses, phone numbers, account activity, dates of birth, and the last four digits of some credit card numbers.
Obviously, the first thing that strikes one as strange about this whole situation is the time delay: two weeks? It took them two weeks to notify their customers that a major security issue had occurred. But why was the time delay such a big deal? According to Prasanna Ganesan, Chief Technology Officer for the company, it’s not a huge crisis because the company doesn’t store full 16-digit credit card numbers anywhere on its hard drives. However, as we’ve learned from our readings about data mining and other information collection techniques, you don’t need a lot to take you far. In fact, the ‘basic’ information that was stolen is enough for most people to work their way into someone’s account, either by gathering other small bits of information or by making do with what they have.
I believe this brings to light a major ethical issue. Was Vudu attempting to cover up this security breach, and is that why they waited two weeks to alert their customers? If so, I’m curious as to what pushed Vudu to suddenly alert their customers. Whistleblowing, anyone?