The local head of group-buying site LivingSocial has said more obligations must be placed on businesses that suffer a hacking attack, saying the growing number of attacks necessitates more formal action.
The warning comes as the company itself suffered an attack over the weekend, exposing millions of customer accounts and information.
Although the business said the hack did not affect any customers’ credit card information, the attack did expose data including names, email addresses and encrypted passwords.
Local head Adam Rigby told SmartCompany this morning that while the business voluntarily contacted all the relevant consumer bodies, including the Australian Competition and Consumer Commission and the Australian Information Commissioner, more must be done.
“I do believe Australia needs to step up its game in terms of what is required,” he says. “It shouldn’t rely on the leading companies to do all the work.”
Australian law currently does not dictate whether businesses must notify the public of a data breach. But given the growing frequency of hacking attacks, some experts believe this is a shortfall.
Following the LivingSocial hack, Rigby says the business posted emails and a statement on the company’s website, along with a detailed FAQ.
When it comes to hacks, he says, the more detail the better.
“We’ve really tried to be as clear as possible, and as proactive as possible, to protect both our consumers and our merchants.”
“We’re in the middle of reviewing our practices to see how we can make them much improved, but I think most companies mobilise very quickly when something like this happens.”
Given the amount of detail already posted through the company’s website, Rigby says anecdotal evidence suggests most companies have been understanding.
However, this is just the latest attempt on an Australian business. Companies such as Flippr, Distribute.IT, Lush and, most recently, AAPT have all suffered hacks.
The growing likelihood of attacks is simply factored into the cost of doing business, which is why Rigby says more needs to be done to create legal standards for when these hacks occur.
“We’ve gone above and beyond any sort of legal requirement here, we’ve even gone beyond the recommended process set out by the office of the Information Commissioner.”
“We’ve done everything we can… I think there needs to be more done in terms of legal requirements here.”
“This is just becoming more and more common, and businesses need to constantly review their practices.”