A company known for burying bad information to improve its customers’ online images let everyone know this week its network was hacked. Reputation.com sent e-mails to thousands of customers in more than 100 countries to let them know of the attack.
In a message sent earlier this week, the company said a security team discovered the breach as it was underway and thwarted thieves’ efforts before more damaging data could be swiped. What was stolen were names, e-mail and postal addresses and, in some instances, telephone numbers, dates of birth and occupational information.
A “small minority” also had salted and hashed passwords pilfered, but as a precaution the company reset everyone’s passwords.
No financial information such as credit card data was taken since that data is stored on another system. Additionally, the company said it does not require users to submit Social Security numbers or driver’s license numbers.
Given the nature of the company, the e-mail assured clients that account details, such as the reason for retaining Reputation.com’s services and messages exchanged with representatives, were never accessed. Both individuals and companies hire Reputation.com to manage their online reputations using tools that suppress negative online content so more positive pieces pop up first during Web searches.
The company did not post any information about the breach on its Web site as of Thursday, but customers and security outlets posted the notification on blogs. The company emphasized in its message that it was going beyond legal notification requirements in the mass-mailed alert.
“At Reputation.com, transparency and openness are part of our culture,” according to the message. “That’s why, although the extent of the breach and the limited kind of information accessed during this attack did not legally obligate us to provide notice to our users, we nevertheless felt it was important to let you know that this event occurred.
It appears that of all the locations in the world where our affected users reside, only the jurisdiction of North Dakota requires us to disclose information about this incident to its residents. However, out of an abundance of caution and due to our strong interest in transparency, we are notifying affected users, regardless of location.”
In addition to the notification and password resets, the company is offering a year of free credit monitoring to impacted customers who request the service within 30 days.