A break-in at video streaming service Vudu’s offices has potentially compromised customer account information, the company revealed today.
According to an email sent to customers from chief technology officer Prasanna Ganesan, the break-in occurred on March 24 at their headquarters in Santa Clara, California. Among the items stolen were computer hard drives that Ganesan says contained names, email addresses, postal addresses, phone numbers, account activity, and other customer information.
“Our investigation thus far indicates that these hard drives contained customer information, including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers,” Ganesan wrote in the email. “It’s important to note that the drives did NOT contain full credit card numbers, as we do not store that information. Additionally, please note if you have never set a password on the VUDU site and have only logged in through another site, your password was not on the hard drives.
“While the stolen hard drives included VUDU account passwords, those passwords were encrypted. We believe it would be difficult to break the password encryption, but we can’t rule out that possibility given the circumstances of this theft. So we think it’s best to be proactive and ask that you be proactive as well.”
Ganesan says as a security precaution they have expired and reset all customer passwords. A new password can be set by going to the Vudu website. In addition, the company is making arrangements with identity theft protection and data breach response company AllClear ID to protect their customers for one full year at no cost.