Saturday, February 04, 2006

Boston Globe Hands Out 202,000 Credit Card Numbers

We can add the Boston Globe to a growing list of corporations that have compromised people's financial information. Sadly enough, this wasn't done by a hacker, but was more of a faux-pax (social blunder). 202,000 Globe and Worcester Telegram and Gazette readers had their names and credit card numbers complete with expiration dates sent out as routing slips on the top of newspaper bundles.

In doing this, they literally handed out everything that a criminal would need to start committing credit card fraud.

Here is one of the stories about this circulating by the Boston Herald:

Fraud follows Globe goof: 3 say others used their credit cards

According to the ID Theft Center, the recent rash of data breaches have occurred in many different ways:

Lost or stolen laptops, computers or other computer storage devices.

Backup tapes lost in transit because they were not sent either electronically or with a human escort.

Hackers breaking into systems.

Employees stealing information or allowing access to information.

Information bought by a fake business.

Poor business practices- for example sending postcards with Social Security numbers on them.

Internal security failures.

Viruses, Trojan Horses and computer security loopholes.

Info tossed into dumpsters- improper disposition of information.

The Boston Globe is just another in a growing list of organizations, who have compromised the information of their customers. Others in the news recently for "data breaches" have been Choice Point, Wachovia Corporation, Bank of America, Time Warner and even educational institutions, such as Boston College and the University of California, Berkeley. Although these institutions are in fact victims themselves, many of these breaches occurred because of a lack of security and even what some would consider "stupidity."

To protect us all, there is a lot of legislation on the books and quite a bit that has been passed. Here are two posts regarding this:

Personal Data and Security Act Moves Forward

Terminating Identity Theft in California

Prudent corporations should realize that the time is NOW to take a serious look at protecting the assets of those, whom they claim are dear to their hearts, or their customers. Besides potentially being in violation of the law, "consumer confidence" is a powerful indicator of whether they will be successful in the future, or not.

A great resource to learn how to protect yourself against identity theft is the Identity Theft Resource Center. If you click on the title of this post, it will take you directly to their web site.

2 comments:

prying1 said...

Sure am glad I don't live in Boston. - Hey! This is another good reason (besides the obvious) for me to NOT take the L.A. Times!!!

travis said...

Since the S.1789 bill is in the Judiciary Committee, it doesn't look like it will get much attention from those guys for a while. Here's the bill summary. There have been no hearings yet.