The latest data breach victim is online ticket vendor, Vendini, hit by a hack that has compromised at least one million accounts. That's bad enough, but Vendini also stumbled badly in its damage control.

A few months ago, I bought a theater ticket to see a dark little play called “A Behanding in Spokane.” Now I feel like I’ve been behanded. That’s because I used a giant online ticket vendor called Vendini to buy those tickets. Now it turns out that Vendini has been hacked, and the bad guys may well have my credit card information.

There have been so many data breaches and credit card hacks that most of us know the drill. Check your bank and credit card statements and change your passwords and if necessary notify a credit reporting agency.

What infuriates me about this particular incident is how poorly Vendini appears to have handled it. I got an email from Vendini on May 23 that says: “We regret to inform you that on April 25, 2013, Vendini, Inc. detected an unauthorized intrusion into its systems.”

Excuse me? April 25? That’s nearly a month between the discovery of the hack and the arrival of that email, which means the bad guys had weeks to pillage my accounts, and hundreds of thousands, maybe millions, of people who have used the service. (Vendini also posted the message online.)

Why didn’t the company notify us? Says Vendini: “We are actively cooperating with federal law enforcement, and this notification to you was delayed specifically to support law enforcement’s investigation.”

That’s nonsense. It’s one thing to keep certain details of a crime from the public; it’s quite another to withhold that information from potential victims.

Vendini says that it does not store CVC numbers (the three-digit authorization code on the back of a credit card), so that makes a hack somewhat less likely. However, not all online sites require a customer to use the CVC number, and other information stored with Vendini could be used to ferret out other financial information.
Naturally, I asked Vendini about this and have yet to get a reply to that question or information on how many accounts are at risk and what security measures the company has taken to keep this from happening again.

Since I use more than one debit and credit card, and the email gave no hint of which account may have been hacked, I’ve had to check every single one of those statements looking for bogus charges. So far so good.

In the first three months of 2013, there were at least 131 significant data breaches, involving more than 800,000 accounts, according to the Identity Theft Resource Center. This is really out of hand. There’s simply no excuse for vendors to hide for weeks that the bad guys have accessed personal data.