[Subscribe to Daily Digest] |
About a month ago, I received a postcard from MasterCard that I needed to call them because of a data security issue. When I called in I was instructed that I needed to get a new account number because there was the "potential" or "possibility" that information from my account was compromised. This happened last year with my Discover card also (and was well documented in the news) when a transaction processing company sent processed records through the mail without using encryption and the disks were "lost".
Well I haven't read of any data compromise recently. Just this week my wife received a call from our bank and they needed to issue her a new debit card (Visa) that is tied into her checking account. The also told her that Visa notified them of a list of people who should have new cards issued because of a potential data security "compromise".
Both my wife and I insisted that we had the right to know what data had been compromised and by whom. In neither case were we provided the information (and both of us were basically told to take a hike). I've researched these data compromises for the past few weeks and have come up with nothing. Last year and the year before these data compromises were well documented and in the news almost every day.
One of the projects I work on at my job entails handling personal information (account numbers, dob, ss, etc) and we have strict protocols for both handling the data and transfering the processed data between parties. This includes strict use of PGP 128 bit encryption (at a minimum) and many other SOP's to reduce the risk of data being compromised (including data wiping). Having dealt with projects for people that handle this type of data I've been routinely shocked that these parties who require their vendors to follow these strict protocols DO NOT follow them themselves and often have to be reminded of how data needs to be handled. At first I thought these were "tests" to see if we were following the procedures, but as time passed I soon realized these institutions were simply careless in handling sensitive data and seemed not to give a damn about data security and identity theft.
So my question is was there a recent data compromise that hasn't reached the headlines? What are my rights to know what types of data were compromised (were they simply account numbers or DOB and SS also)? Why doesn't anybody seem to care about these issues that have the potential to create significant financial and credit damage to many innocent individuals?
Just curious, that is all.
posted by 69.248.149...
No Site Registration is Required to Post - Site Membership is optional (Member Features List), but helps to keep the site online
for all Saabers. If the site helps you, please consider helping the site by becoming a member.