Tuesday, July 01, 2008

Consumers are not always told about breaches, even when their credit card companies are informed

There are media reports to the effect that the records of about 51000 customers of Montgomery Wards were exposed in a security breach.

Wards had gone out of business in 2001 (I remember shopping there when I lived in Dallas in the 1980s, particularly at the Mesquite Mall). The brand name (and trademark) were taken out of bankruptcy by a 2004 purchase by Direct Marketing Services. Citibank detected an intentional security breach in December of that year. Direct Marketing informed Visa and MasterCard but not the individual customers. Apparently 3-digit card security codes (often required by e-commerce websites), card account numbers, customer names and billing addresses had been compromised.

44 states have laws requiring that consumers be notified, but silence had been an industry norm for years. This practice might have even contributed to a sudden $600 charge on my credit report in 2000, resulting in sudden action against me by a collection agency that had bought the “vampire debt.”

The AP story appeared on AOL yesterday at this link. There was a survey that indicates that most customers do not believe credit card companies are sufficiently careful with personal information, but most AOL visitors do use credit cards anyway. Curiously, the story gets a “not found” when accessed on AP’s own site. The AOL link is here and may require subscription and become archived.

No comments: