A spokesman confirmed 15,085 users were affected and said: "NCT has suffered a data breach which, regrettably, has caused some users of our website to have their registration details compromised." These details are limited to their email address, username and an encrypted version of the password that they created to register on the site. In the email to parents chief executive Nick Wilkie said: "While your password is encrypted, as a precaution, I would advise you to change any password as soon as possible for other accounts or registrations that use these details." |
So what I don't understand: why didn't they immediately invalidate (delete) all the records in order to force users to change their passwords?