My Daily Choice took its website offline February 15th, admitting to a ransomware attack that compromised customer data. The company then erased the public notice, leaving users in the dark about the extent of the exposure.
Hackers breached My Daily Choice's systems, potentially accessing personal and financial details of both distributors and retail customers. The company initially acknowledged the incident, stating its IT team and cybersecurity consultants were investigating. It advised affected individuals to watch for unusual account activity.
This brief period of transparency lasted less than two days.
The initial disclosure was direct. My Daily Choice stated unequivocally that cybercriminals had infiltrated its network. The warning advised vigilance regarding personal information and financial records. This was the appropriate first step, signaling a commitment to informing those impacted.
But the company's commitment faltered. The public statement vanished from the website, leaving no trace of the admission. This retraction raises serious questions about My Daily Choice's intentions and its duty to its customer base.
Removing a data breach notification does not erase the breach itself. It only serves to leave individuals vulnerable and uninformed. Customers who did not happen to see the initial announcement are unaware their sensitive data may have been compromised. They will not take necessary protective measures, such as monitoring financial accounts for fraudulent transactions.
The company's immediate public acknowledgment was commendable. It avoided attempting to conceal the news or wait for external discovery. The statement clearly outlined the situation, the company's response, and provided concrete steps for customer protection. This approach aligned with best practices for crisis communication.
However, the subsequent removal of the disclosure undermines that initial good faith. It suggests an intent to acknowledge the breach only long enough to claim disclosure, then make the information disappear before widespread awareness could take hold. This is not transparency; it is an attempt to cover up a serious security failure.
Ransomware attacks on direct sales and e-commerce platforms frequently target customer databases. My Daily Choice's original warning indicated the severity of the breach necessitated a complete system shutdown. This level of disruption did not change simply because the company deleted its public notice.
Distributors and customers who depend on My Daily Choice have a right to know what happened to their personal information. They deserve continuous updates on the investigation's progress. They need confirmation on whether their data was indeed accessed by malicious actors. A two-day notice followed by silence is unacceptable.
True transparency means standing by disclosures, not making inconvenient truths vanish. My Daily Choice had an opportunity to act responsibly toward its customers. Instead, it opted to make the problem disappear from public view.
The company's website is now back online, but the original disclosure remains absent. Affected parties are left to guess the full scope of the compromise.
