This is even more -stupid- (sorry, can not find a better word). By not communicating and re-assuring your users, your customers, you are building fear and anxiety and diminishing trust. You do not show you are in control.Beside, I am not sure how much what you say should be taken for granted. I have, myself, worked with the CNIL as well, they do not recommend or tell you what to do (pro active). They evaluate what you have done and if it was enough (reactive). I think you made, at least a big communication mistake. Learning this from security monitoring site such as HaveIBeenPwnd makes you look like clueless and careless about your own users and data. I stand to my initial statement. If, when, I receive an answer from the support about this and it is not satisfying, I will fill a complain with the CNIL and I would recommend the same to anyone who is not sure about the way you have handle this incident. If it can not change what happened and how you handled the incident anymore, it may
@katy8439 Totally aligned with you.They are the data processor and should take care of their processors. Then should have warned the data subject.It is higly worrying that they did not feel necessary to inform us.I have asked them to justify the reason for deciding to not let the data subject been informed. Depending on their answer, I will raise the concern to the CNIL, unless I am mistaklen, this is the authority they are depending from.https://www.cnil.fr/fr/agirTo be used once you tried to contact Deezer and they fail to answer or their answer is not satisfying enough to you. I can not believe that I have been informed of this by HaveIbeenpwnd or Firefox monitor (which I thank for that)
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.