CLT
UPDATE
Saturday, February 4, 2006
"We sincerely apologize for the
inconvenience":
The fallout begins
Three Boston Globe customers yesterday reported
unauthorized use of their credit cards, four days after the newspaper
mistakenly released the personal financial information of as many as
202,000 subscribers....
"We’re concerned to hear about these reports and we’ve urged the
affected customers to contact their bank or credit card company
immediately to protect themselves. These companies are trained and ready
to handle such matters," [Globe spokesman Al] Larkin said.
The Boston Herald
Friday, February 3, 2006
Fraud follows Globe goof:
3 say others used their credit cards
The Boston Globe’s inadvertent release of customers’
financial information Sunday has hit former subscribers as well, the newspaper
confirmed yesterday....
So far, four people have reported unauthorized use of their credit cards.
The Boston Herald
Saturday, February 4, 2006
Globe goof may hit ex-subscribers
The unintentional disclosure Sunday of customers' financial
information by The Boston Globe and the Worcester Telegram & Gazette raises
questions about potential fraud and identity theft. Here are some
recommendations for taking action that would apply to this instance . . .
Q. Should affected consumers close accounts and open new ones?
A. "If people want absolute security, yes," Dworsky said.
The Boston Globe
Saturday, February 4, 2006
Take steps to avoid fraud, ID theft
After newspapers' error, consumers have options
The private information of your subscribers was not "lost or
stolen." It was released through your gross negligence.
This is either shoddy reporting or a less-than-clever attempt to shift the
blame.
The Boston Globe
Saturday, February 4, 2006
Letter to the editor
You can't spin lapse in data security
Chip Ford's CLT Commentary
And so it has begun, less than a week after the
unintentional data dump by the Boston Globe and Worcester Telegram &
Gazette: the first cases of attempted credit card theft have
occurred. Three as of yesterday, four as of this morning, it's
reported. I can't believe that's the end of it, now that it's
started. None of the so-called "toppers" -- the T&G's recycled
circulation wrappers of bundled newspapers -- contained only four names,
addresses and credit card numbers, did they? Four newspapers
hardly need to be bundled.
One "topper," at least, fell into criminal hands.
More victims will undoubtedly follow. Those victims likely won't
know until their credit card bills begin to arrive, if they're paying
attention.
"We seriously apologize for the inconvenience."
From what the Boston Globe published today, surely
reporter Chris Reidy recognized that it's more than an "inconvenience"
at this point for victims of this "inadvertently disclosed" release of
highly-confidential information -- when a step-by-step set of
instructions for how to protect yourself from identity theft and credit
card fraud is so clearly spelled-out in such detail.
Now we've learned that even "past subscribers" are
also at-risk. Why are past subscribers even still in the Boston
Globe's credit card database, and how long does the newspaper keep us
there even when we demand to be removed? ("I cancelled CLT's
credit card subscription and was assured that the credit card number was
immediately purged from any/all of its databases." -- CLT Update, Feb.
1, "Credit
Card Identity Theft Alert!")
If you've ever been a Boston Globe or Worcester
Telegram & Gazette subscriber, I advise you to scrutinize your credit
card bills very carefully -- as you should anyway.
|
 |
|
Chip Ford |
The Boston Herald
Friday, February 3, 2006
Fraud follows Globe goof:
3 say others used their credit cards
By Jennifer Heldt Powell
Three Boston Globe customers yesterday reported unauthorized use of
their credit cards, four days after the newspaper mistakenly released
the personal financial information of as many as 202,000 subscribers.
A Globe spokesman said he didn’t know the specifics of the unauthorized
credit card transactions, though he said the customers did incur some
losses. Those customers have since canceled their cards, spokesman Al
Larkin said.
As of 3 p.m. yesterday, the Globe had received roughly 37,000 phone
calls from customers in the aftermath of last Sunday’s distribution
debacle. The names and credit card numbers and expiration dates of as
many as 202,000 Globe and Worcester Telegram & Gazette subscribers were
released Sunday when internal reports were recycled as routing slips on
the top of newspaper bundles.
The Globe announced the gaffe Monday evening, and set up hotlines and a
Web site for customers to determine if they were affected.
"We’re concerned to hear about these reports and we’ve urged the
affected customers to contact their bank or credit card company
immediately to protect themselves. These companies are trained and ready
to handle such matters," Larkin said.
He said customers brought the unauthorized credit card use to the
Globe’s attention.
Globe officials yesterday met with Attorney General Tom Reilly’s staff
and outlined steps taken to notify customers. The paper agreed to
include additional information for consumers in future communications,
Larkin said.
Several lawmakers yesterday called for stiffer consumer-protection laws,
such as requiring companies to notify customers when financial
information has been stolen or mistakenly released. What happened at the
Globe is "impermissible, but it is not illegal," said Sen. Jarrett
Barrios (D-Cambridge). "It is legal to hide disclosures."
Lawmakers yesterday said the Globe did the right thing in quickly
notifying the public that information had been released. But they said
the paper could have done more to notify individual customers.
The lawmakers are backing legislation that would require companies to
notify customers of compromised data within 10 days. It would also allow
customers to shut down credit-history access.
Return to top
The Boston Herald
Saturday, February 4, 2006
Globe goof may hit ex-subscribers
By Jennifer Heldt Powell
The Boston Globe’s inadvertent release of customers’ financial
information Sunday has hit former subscribers as well, the newspaper
confirmed yesterday.
The Globe and the Worcester Telegram & Gazette said as many as 202,000
customers may have had their personal data compromised after credit card
information was sent out on paper that had been recycled to use as
routing slips on bundles of newspapers.
Globe executives discovered late Thursday night that the names and
credit card information of people who no longer get the newspaper were
also included, a spokesman said.
Letters are being sent to all customers who may be affected. The Globe
also has a hotline and Web site for people to check whether their
information was released.
So far, four people have reported unauthorized use of their credit
cards.
Return to top
The Boston Globe
Saturday, February 4, 2006
Take steps to avoid fraud, ID theft
After newspapers' error, consumers have options
By Chris Reidy, Globe Staff
The unintentional disclosure Sunday of customers' financial information
by The Boston Globe and the Worcester Telegram & Gazette raises
questions about potential fraud and identity theft. Here are some
recommendations for taking action that would apply to this instance, as
well as others that have occurred with other companies in recent years.
Q. My credit-card or debit-card data was affected by the security
breach. What should I do?
A. The Massachusetts attorney general's office suggests consumers call
one of the three major credit bureaus and place a one-call fraud alert
on their credit reports. The bureaus are Equifax (phone: 800-525-6285),
Experian (888-397-3742), and TransUnion (800-680-7289). You need contact
only one bureau. It's required to alert the other two.
This fraud alert, which remains in your credit file for at least 90
days, requires credit card companies or retailers offering their own
credit cards to contact you before new accounts can be opened. That can
protect you from those using your personal information to steal your
identity and set up phony accounts. Contact the fraud departments of
your credit card-issuers or bank to alert them to monitor your account
for suspicious activity.
Q. What else should I do?
A. Scrutinize your accounts, and order a copy of your credit report to
look for unauthorized activity. If a consumer has an online account,
Edgar Dworsky, a former Massachusetts assistant attorney general,
recommends checking it frequently. Immediately contact the bank or
credit card issuer if any unauthorized transaction is spotted, said
Dworsky, founder of the consumer resource guide ConsumerWorld.org.
Q. What if a consumer doesn't have a computer?
A. "Peruse your monthly statements very carefully and make sure all
transactions are yours," said Bruce Spitzer, spokesman for the
Massachusetts Bankers Association. He added: "Many people incorrectly
assume that identity theft will automatically take place if a data
breach occurs. In fact, ID theft is rare." Subscribers whose information
has been compromised should be suspicious of unsolicited phone calls,
e-mails, and letters asking for additional personal information.
Q. If a subscriber's credit card has been compromised, what's the
cardholder's liability?
A. "For a Massachusetts credit-card holder, the maximum liability for
unauthorized transactions is $50," said Joseph A. Leonard Jr., general
counsel for the Massachusetts Division of Banks.
Q. If you've got a bank debit card and someone misuses it, are you more
vulnerable than if you have a credit card?
A. Different regulations apply to debit cards, Leonard said. Under
federal guidelines, liability can be determined by how quickly consumers
notify their financial institutions after learning of unauthorized
transactions. Act within two business days after discovering a loss or
theft, and liability can be limited to $50. If consumers fail to notify
their financial institutions within 60 days of receiving a statement
showing an unauthorized transfer, they can face unlimited liability for
all unauthorized transfers made after the 60-day period.
Q. So debit-card holders are especially at risk?
A. Some banks and credit-card companies have their own policies. Visa
and MasterCard offer the same protections on debit cards that include
their logos as they do on their credit cards, said spokesman John Hall
of the American Bankers Association. "Consumers are liable for the first
$50 of fraudulent use of those cards," he said, but that $50 is often
waived. At Bank of America, spokesman Ernesto Anguilla said: "You are
100 percent protected from any unauthorized transactions on your Bank of
America accounts," provided customers notify the bank within 60 days of
receiving a statement that shows an unauthorized transaction.
Q. What else should consumers do?
A. In the case of potentially affected Globe and T&G subscribers,
Dworsky recommends they take up the newspapers' offer to provide free
credit-monitoring service for a year. The program is designed to provide
deeper and more frequent monitoring of suspicious activity. The Globe
plans to send a letter to subscribers shortly with more details about
that program.
Q. Should affected consumers close accounts and open new ones?
A. "If people want absolute security, yes," Dworsky said.
Return to top
The Boston Globe
Saturday, February 4, 2006
Letter to the editor
You can't spin lapse in data security
Your front-page story on Feb. 1 regarding the release of private
information on up to 240,000 Globe subscribers called the incident one
of a long line of cases in which sensitive financial information has
been lost or stolen. The private information of your subscribers was not
"lost or stolen." It was released through your gross negligence.
This is either shoddy reporting or a less-than-clever attempt to shift
the blame.
Vincent J. Lembo, Norwood
Return to top
NOTE: In accordance with Title 17 U.S.C. section 107, this
material is distributed without profit or payment to those who have expressed a prior
interest in receiving this information for non-profit research and educational purposes
only. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml
|