When a company loses your information, especially when it’s sensitive information like your credit card information, you expect a level of seriousness to the response. What you don’t expect is “We believe the risk of harm to you is low.” Believe? You don’t know? Did you do forensics? Did you investigate? I “believe” your explanation is lacking credibility.
According to the notification to consumers, WorldVentures recently became aware of unauthorized access to their servers. The access may have occurred from October 23, 2012 through March 14, 2013. The server held customers’ credit card numbers with expiration dates. They do not indicate how they became aware of the unauthorized access.
The firm says that they do not have any evidence that the card data were extracted. Then again, do they have any firm proof it wasn’t extracted?
“We believe the risk of harm to you is low.”
After reading some poor reviews of the company, the poor breach response makes sense but the victims deserve better.
You can read the whole article here: If you don’t know whether data were extracted, why say the risk of harm is low?