Credit Card Breach
I have a company credit card that I never carry around, and is only used to pay OOMA, AT&T and SunPass (FL tolls), yet my credit card information was compromised. That means it was either OOMA, AT&T or SunPass that was hacked, and my bets are on OOMA. Especially after calling in to customer support and being told they do not have a "security department". When I asked, "Then how would you know if you were ever hacked?", the response was, "We wouldn't." That is absolutely crazy and has to be in violation of Visa/MC rules, to maintain an unsecured system that stores credit card information.
Re: Credit Card Breach
That is pretty scary. OTOH, I just got a letter from my bank, a local bank with $8B (billion) in assets, telling me a piece of software they (and many other institutions and government agencies) use to transfer funds had a "critical vulnerability" they just found out about. All the info needed for identity theft was compromised. To their credit, they are giving all their customers free credit monitoring for a year. I received free credit monitoring from 2 or 3 other financial institutions over the past 5 years due to breaches. There's no such thing as a 100% secure system.
Re: Credit Card Breach
The first level customer support is an outsourced call center, probably not the best source for any legal questions. It's possible that they were just being dismissive, thinking that they were dealing with yet another caller making wild accusations without evidence. Contacting Ooma by email might have worked out better.
It would be absolutely crazy to conclude that Ooma couldn't comply with basic disclosure laws regarding security breaches. But Ooma's liability may not extend much beyond that; their privacy policy contains what looks like a fairly standard disclaimer:
It would be absolutely crazy to conclude that Ooma couldn't comply with basic disclosure laws regarding security breaches. But Ooma's liability may not extend much beyond that; their privacy policy contains what looks like a fairly standard disclaimer:
Ooma's legal terms expands upon that, with similar disclaimers:8. Security: Ooma makes reasonable efforts to protect your information by using physical and electronic safeguards designed to improve the security of the information we maintain. However, no system or service can offer a 100% guaranty of security, especially a service that relies upon the public Internet and public phone system.
10. Additional Terms of Equipment and Service ... (f) Cyber Security: We maintain administrative, technical and physical security measures and safeguards designed to protect the confidentiality and security of your personal information. Unfortunately, no information transmission or storage system on the Internet is 100% secure. As a result, we cannot guarantee, ensure, or warrant the security of any information or Content you transmit to us. There is no guarantee that information or Content will not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
14. Warranties ... (d) No Other Warranties: ... WE DO NOT WARRANT THAT THE EQUIPMENT OR ANY SERVICES WILL BE FREE FROM ... BREACH OF DATA OR NETWORK SECURITY ...