I must admit to being curious as to exactly when they knew about the data breach. The timing of the surprise website revamp (which caused inconvenience to customers) is awfully suspicious; and it takes time to contact the law, legal, developers, etc.
Interestingly, Colorado (which appears to be where HTH is based) has a new Data Protection law aimed at such breaches requiring 30-day user notification; however it's unclear whether this applies since a) the breach occurred prior to September 1, when the law came into force, and b) the data released may not constitute "personal information" as defined within the law.
I must admit to being curious as to exactly when they knew about the data breach. The timing of the surprise website revamp (which caused inconvenience to customers) is awfully suspicious; and it takes time to contact the law, legal, developers, etc.
Interestingly, Colorado (which appears to be where HTH is based) has a new Data Protection law aimed at such breaches requiring 30-day user notification; however it's unclear whether this applies since a) the breach occurred prior to September 1, when the law came into force, and b) the data released may not constitute "personal information" as defined within the law.