Tuesday, July 10, 2007

Your data will be compromised

Over the last year, I have read at least a dozen stories of lost or stolen personal data. Data that could be used to steal people's identities, ruining people's credit and causing tremendous grief. Most of these stories started with the physical loss or theft of a laptop or a hard disk. Sometimes, the cause was an electronic break-in (as in the case of TJ Maxx). And, in a few cases, the culprit was an insider who willfully stole or misused the data.

Yesterday, I received a letter from Certegy informing me that I was one of 2.3 MILLION people whose financial data was compromised by one of their employees. The employee sold the data, which included name, address, telephone number, account number, expiration date (in the case of credit/debit cards) and possibly transactional data and birth date. Per the letter I received, "The data was sold to a data broker who in turn sold a subset of that data to a limited number of direct marketing organizations."

Also per the letter I received, "Certegy provides check authorization services to U.S. retail merchants and also provides certain credit-card related services to the gaming industry." For me, it turns out that it was my checking account information.

Certegy urged me to monitor my account and credit report for any unusual activity. They suggested that I put a Fraud Alert on my report, which the three major credit services offer for free for 90 days. This would alert me if anyone were trying to open an account in my name. They also offered that I may want to put a Credit Freeze on my account, which would prohibit the agencies from sharing my credit information with anyone without my consent. The alert lasts for 90 days, but Certegy suggests that I closely monitor my accounts for two years. Lovely.

The company has said that it has filed a civil suit against the employee and has authorized the seizure of computing equipment from the data broker. They claim to be in the process of reclaiming the data from the other companies it was subsequently sold to.

Yeah. Good luck with that. A marketing firm's relationship with a mailing list is like a toddler's relationship with a cold virus. By now, the data has probably been sold and resold at least a dozen times. Part of the way these firms make money is by reselling their contact lists.

As they suggested, I have put a fraud alert on my credit report. And, I suppose I will be more watchful of my accounts.

As I noted all the stories coming out in the last year, it never occurred to me that I would be one of the unlucky victims in one of these stories. However, we live in an age where our data is everywhere. Someone is bound to lose it, sell it, or steal it, at some point.

Get ready for it. It WILL eventually happen to you. Maybe it already has, and you just haven't gotten your fateful letter yet. After all, it just did happen to 2.3 million people.

3 comments:

RaineS said...

This one was very embarrassing for my profession. The culprit was the database administrator -- the guy responsible for protecting the data. He was the fox guarding the henhouse -- he stole his own database and sold it! Want to bet consultants start selling management on the idea of systems to watch the watchers? SIGH...

Kitten Herder said...

In MY profession, we call this INSIDER THREAT. (grin) And, yes, it is of much higher focus than all the malware attacks that we watch for.

briwei said...

Happened to she-who-must-not-be-named. We are still not sure how. But someone in New York opened a Sears card in her name.

Huge pain in the a$$. I think we should be able to take legal action against the credit card companies who are so desperate for your money that they remove any safeguard they can to get you a card.

Did you know that in many places they no longer require a signature for purchases under $50?!?