Smartphone maker OnePlus failed to notify customers of a mid-November data breach until more than a week had passed.
Unauthorized parties hacked into OnePlus servers, accessing the names, email addresses, and shipping details for about 3,000 customers in India. OnePlus took prompt steps to stop the intruder and beef up security, but did not disclose the incident promptly.
Several days after detecting the breach, OnePlus updated its website with a public statement acknowledging the breach and stressing that payment information, passwords, and customer accounts were safe. The company compiled a FAQ about the breach and documented the actions it took in response.
OnePlus did not begin notifying customers directly about the breach until the day after it updated the website. The company also did not immediately disclose how many accounts were affected.
OnePlus has now let customers know that they might receive spam and phishing emails as a result of the incident. The company has announced that it will partner with a “world-renowned security platform” starting in December.
Early in 2018, OnePlus confirmed that credit card information on more than 40,000 users was accessed by an unauthorized third party.