Internet companies spend a lot of time and effort beefing up on cyber security, but sometimes it isn’t just the hackers you have to worry about. According to a recent email sent out by streaming movie service, VUDU, a good ole’ fashioned B&E job at its headquarters resulted in the theft of hard drives loaded with private customer information.
In the email notification, VUDU is quick to point out that complete credit card numbers were not among the data stolen on March 24th, as it does not keep that kind of data on file. However, the company did say that among the information stolen were “names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers.”
VUDU also confirmed that customer passwords were stolen, but that those passwords were encrypted, and while it believed it would be difficult to break the password encryption, it couldn’t “rule out that possibility given the circumstances of this theft.”
VUDU is not disclosing details on how many of its customers were affected. It has, however, proactively expired and reset the passwords of those users who had one set on the VUDU site and is urging anyone who may have used that same password on other sites to make changes there as well.
In addition, the company has arranged to have AllClear ID protect the identity of those affected for one full year at no cost. An FAQ bas been set up to answer further questions. VUDU account holders can reset their passwords here.
While we think VUDU’s handling of the situation is respectable, we can’t help but feel it should probably invest in an effective alarm system and maybe a few extra locks on the doors.