iTWire has already reported of the breach in CatchOfTheDay's Internet-facing systems that appeared to result in the loss of their entire user database. According to their announcement, data lost included "names, delivery addresses, email addresses and hashed (encrypted) passwords."
However, it has now come to light that this breach (assuming the stated date of May 7th 2011) occurred just 16 days prior to the inking of a deal to bring $80M into the company from a group of investors including James Packer.
iTWire is curious to know whether the delicate state of negotiations forced CotD to defer announcing the breach at that time - they certainly claim to have immediately informed Police and Banks of the event; just not their customers or the Privacy Commissioner.
Of further interest is the recruitment of Seamus Byrne, a highly regarded CIO who also holds a law degree. Byrne joined the company just 4 months after the breach and remained there until April 2013. Earlier, iTWire approached Byrne for his thoughts on the matter, but he was unable to offer anything useful, "I can't comment on this matter." iTWire has subsequently requested a more detailed response from Byrne.
This is clearly the incident referred to in CotD's statement as "Only a relatively small portion of users had credit card information compromised." Presumably 10,000 is a relatively small proportion out of a customer base of around 2 million subscribers.
Catch of the Day has been contacted to address these and other related issues.