- The company sent an email to customers this week disclosing that it first detected a breach on January 17. A hacker made off with customers’ name, email and postal address, and the last four digits of their credit card. “Full payment card information was not compromised,” the notice reiterated.
- But despite going out to thousands of customers, the email said to “keep this email and the information included within it strictly private and confidential."
- Under the U.K. data protection laws, a company must disclose a data breach within 72 hours of becoming aware of an incident, but there are no legal requirements on the customer to keep the information confidential.
- Zack Whittaker | March 25, 2021