The Boston Globe Leaks…
The Credit card information of its users! Hackers and identity thieves lust after lists of credit cards like this. Instead of having to hack a website to get the information, they only need to wait for the Globe to give away their information. From Yahoo here:
BOSTON–(BUSINESS WIRE)–Jan. 31, 2006–The Boston Globe and Worcester Telegram & Gazette are notifying their home-delivery subscribers who pay by credit or bank card that some customers’ confidential credit card numbers were inadvertently printed on the backs of routing slips attached to newspaper bundles that were sent to retailers and newspaper carriers in the Worcester area this past weekend.
Information on up to 240,000 customers may have been distributed.
The Telegram & Gazette is also notifying its subscribers that routing information for the personal checks of 1,100 subscribers may have been inadvertently released with some of the bundles.
“We deeply value the trust our subscribers place in us and we are working diligently to remedy this unfortunate situation,” said Richard H. Gilman, publisher of the Boston Globe. “Immediate steps have been taken internally at the Globe and Telegram & Gazette to increase security around credit card reporting. We regret the disruption and inconvenience that this incident may cause.”
Payment information was mistakenly included on the reverse side of individual routing slips that were attached to up to 9000 bundles of Sunday Telegram & Gazette newspapers. No single customer name was distributed on any more than two bundles. The routing slips are typically discarded shortly after the bundles are delivered.
The incident took place when discarded internal reports were inadvertently recycled as the paper for printing the routing slips. The Telegram & Gazette has immediately discontinued the practice of reusing paper in this manner. Enhanced security measures have been put into place to assure the confidentiality of customer information at both newspapers.
The Globe has contacted the four major credit card companies — American Express, Discover, MasterCard and Visa — to advise them of the situation. Likewise, the Globe is contacting the banks of affected subscribers.
The Boston Globe and The Worcester Telegram & Gazette urge subscribers to contact their credit card companies if they are concerned about unauthorized transactions.
The New England Media Group is part of The New York Times Company
And from the WaPo here:
A scary slip-up indeed. The Boston Globe today sent a message to its subscribers about what it calls “an unfortunate event” that happened over the weekend.
The event: Confidential credit and bank account information of Globe and Telegram & Gazette (of Worcester, Mass.) was inadvertently disclosed on the back of slips used to label bundles of the Sunday Telegram. The records of about 240,000 customers may have been released.
The Globe said it was notifying the four major credit card companies, contacting the banks of its subscribers and mailing notices to affected customers. Meanwhile, it warned its readers to monitor their credit card bills and bank statements carefully. That’s good advice to follow all the time–even if you’re not a Globe subscriber.
I find it very hard to believe that this was a simple mistake. Why would anyone create a hard copy of this data? And why wasn’t this data shredded after it was no longer needed? How was it that the data was available to be used by the paper bundling crew?
Customer information and its credit card data should be kept on electronic media, encrypted and password protected, and accessible by only highly trusted staff. But someone printed this information from unprotected media. Why? To provide a report to the VP of finance? To provide data for an audit? Not likely.
I suspect that someone on the staff may have printed this information for monetary gain, and had intended to sell it to identity thieves. The printout is too bulky to walk with out the front door, so to get that information out, it would be easy to throw the paper in the trash and retrieve it after hours by dumpster diving. But someone decided to recycle this paper instead and use it for wrapping the news bundles.
And what good will it do for the Globe to call peoples’ banks? What would you tell a bank? Uh, watch out for unauthorized access to this account?
Also, is there an investigation underway? Has a crime been committed?