Aurarum Data Breach

picklewizard on 20/06/2021 - 20:54

Hi all,

I have a very similar experience to that of stickyfingers' in this thread: https://www.ozbargain.com.au/node/626156 (I was also caught up in this breach)

I'm now receiving spam to an email address used exclusively with Aurarum (a 3D printing supplier).

The email address is generic spam from a company called "Indigo-Shop".

I have reached out for an explanation, but I'm also checking here to see if anybody else who's transacted is affected - if you don't have a setup similar to mine you may be receiving spam but be unaware of the source.

If you're affected, I recommend you reach out to Aurarum for a "please explain" - hold these companies with lax security accountable; this isn't acceptable.

If you're unhappy with their response, raise a privacy complaint: https://www.oaic.gov.au/privacy/privacy-complaints/before-yo…

General Discussion

Related Stores

aurarum.com.au
aurarum.com.au

Comments

  • bobbified on 20/06/2021 - 21:08

    If you're affected, I recommend you reach out to Aurarum for a "please explain"

    Is there anything they can really say that'll make things better?
    Just like revenge porn where once it's out, it's out and there's not that much anyone can do about it. Just pray that the spam filters on whatever email server you use is good!

    • picklewizard on 20/06/2021 - 21:11
      +6

      Yes, absolutely!

      At an absolute minumum: "We are aware of the breach, it was due to [reason], and we have done [steps to resolve]. We have also fulfilled our obligations with respect to notifiable data breach requirements."

      There's plenty they can do about it. I'm honestly a little surprised by your response - would you be ok if you knew companies were leaking your data?

      The standard to which you do not object is the standard you accept, and I absolutely do not accept this standard.

      • bobbified on 20/06/2021 - 21:15

        I'm honestly a little surprised by your response - would you be ok if you knew companies were leaking your data?

        I mean, from the customer's point of view, it's too little too late. It's happened already and they can't just go and take back the data (including your details) from whoever's accessed it.

        The most you can do is not shop with them in future. Maybe I'm being a bit naive, but what else can you do?

        • picklewizard on 20/06/2021 - 21:18

          what else can you do?

          Hold them responsible.

          "I stole your car, but hey, it's gone now, I stripped it for parts and sold them and torched what was left, you can't go take it back because it's now a burnt-out shell." Would I have no case to answer?

          The more businesses that are held responsible for their actions, the less likely others are to be so blase with protecting customer data.

          • bobbified on 20/06/2021 - 21:24

            @picklewizard:

            Hold them responsible.

            And what is that going to do with the spam you're now getting? For your example of a car, there's a specific value you can quantify for compensation. What price do you put on someone's details? If there's tens of thousands of customer details, would you like them to pay compensation to the point where they go bust?

            Don't get me wrong - I know what you're getting at. But like I said, they can accept responsibility for what's happened and they can bulk up security and protect themselves from the risk of future data breaches (which they probably will). It's just that doing something now isn't going to make much of a difference for the people who's email address/details have already been leaked.

            • picklewizard on 20/06/2021 - 21:29
              +1

              @bobbified:

              they can bulk up security and protect themselves from to manage the risk of future data breaches.

              Brilliant. That's a result!

              That still isn't going to make much of a difference for the people who's email address/details have already been leaked.

              Let's go back to your revenge porn example. Put yourself in the shoes of the woman who's now got her pictures posted online. Do you think she'd be happy hearing you say, 'too bad, what's done is done, you didn't lose anything of tangible value'? Or do you think she might want that person held responsible, in the hope that both they, and the next scumbag that thinks that he can get away with it, think twice before doing so? Revenge porn offenses can carry prison terms, because the definition of a crime isn't just "theft of a tangible item".

              There's a reason data breach laws exist. I'm not asking for a time machine to be invented and my data to be magically sucked back out of the Internet (and I feel I've been pretty clear on this point…) I'm expecting that they be held responsible.

              • bobbified on 20/06/2021 - 21:39
                +1

                @picklewizard:

                Or do you think she might want that person held responsible, in the hope that both they, and the next scumbag that thinks that he can get away with it, think twice before doing so.

                Your original post wasn't about punishment - you were asking for a "please explain". What is there to explain? It's already happened.

                For the revenge porn example - Of course you'd like to see the person punished, but the pictures or videos will still be floating around out there. There's little point asking why he/she did it.

Login or Join to leave a comment
Login Join