Re: Their fault
"Since I see all the bad puns have already been spoken for, I will jump in and say that this is clearly the fault of the company. If a medium-sized fishing supply company does not have expert information security staff"
While I sense some sarcasm in this post, this is actually entirely correct. This isn't some little corner shop with only a couple of employees, it's a decent size chain with over 40 physical stores in multiple countries, millions of customers, tens of millions in revenue, millions in profit, and listing on a major stock exchange. So yes, they absolutely should have expert IT security staff. If you want to run an online shop serving millions of people, that's just part of the cost of doing business. Obviously punishing lowly shop staff wouldn't be appropriate, but chair and board? Absolutely. It's their responsibility to run things properly, and they clearly have not done so. You can make some allowances for why something like a local church group run by a couple of octogenarians might not have the greatest IT security, but Angling Direct is well past the size where those kinds of excuses hold water.