Blockbuster personal documents found in dumpster

Date Reported:
10/23/07

Organization:
Blockbuster

Contractor/Consultant/Branch:
Sarasota (FL) Retail Store

Victims:
Customers and job applicants

Number Affected:
Unknown

Types of Data:
Membership forms and employment applications containing names, addresses, credit card numbers, and Social Security numbers

Breach Description:
Membership forms and employment applications belonging to a Sarasota, Florida Blockbuster video store were found in a dumpster.  The forms contained sensitive personal information about customers, employees and job applicants.

Reference URL:
Herald Tribune Story
Herald Tribune VIDEO

Report Credit:
Jonathan Murray (citizen who reported the incident)
Cathy Zollo, HeraldTribune.com

Response:
From the online resources cited above:

"Jonathan Murray was fishing in a trash container for boxes Friday when he found what could have been a thief's bonanza."
[Comfyllama] Thankfully, Mr. Murray is honest and reported the incident to the authorities.  In the wrong hands this data could have been very damaging to victims.

"Amongst the trash from a Blockbuster video store were membership forms and employment applications that included names, addresses, credit card numbers and Social Security numbers."
[Comfyllama] This is a "thief's bonanza".  I just like to say the word "bonanza".  In all seriousness though, this is some very confidential information that should NEVER be discarded in such an insecure manner.

"Federal and state officials said no law was broken in the incident, but Florida law puts the onus on Blockbuster to inform its customers of the security lapse."
[Comfyllama] Contrary to some beliefs, disclosing confidential data is NOT against the law in this case.  The law just states that organizations must inform victims after the fact.

"There is a statute that requires businesses who maintain records and databases with consumer personal identification to alert them if their information has been breached or hacked," said Sandi Copes, spokeswoman for the attorney general's office. "They do have to reach out to consumers."

"Two federal laws protect consumer information involving credit reports as well as information going to financial institutions but do not apply in this case."

"The paperwork that was available to anyone chancing to peer into the trash container included information that in the wrong hands could easily translate to identity theft, experts say. Identity theft is the fastest growing crime in America, with financially devastating results for some 10 million victims each year, according to the Federal Trade Commission. On average, victims of the crime spend 350 hours and two years rebuilding a secure identity."
[Comfyllama] This is good information for anyone who questions whether or not the security of personal information is really a problem, and yes there are those people that think so.

"That is what's driving state and federal legislators to pass privacy laws," said David Reed, owner of ShredQuick, a Sarasota firm that specializes in disposal of sensitive information.
[Comfyllama] Yuck, more laws = more compliance, more audits and more cost.  Life would be so much better if people just did the right thing and used a little common sense. Lack of honesty and judgment led to SOX and HIPAA.

"According to our corporate policy, documents generated in store, including customer information, must be destroyed when no longer kept on file," said Randy Hargrove, spokesman for Blockbuster Inc.

"The company is conducting its own investigation into the matter, he said. Those responsible are subject to disciplinary action up to being fired."

"Murray is giving the documents to the Sarasota County Sheriff's Office, which will keep the records pending an investigation, said Lt. Chuck Lesaltato, sheriff's spokesman."
[Comfyllama] I hope the sheriff destroys the documents securely when they are done.

"Terri Smith's membership application for the store that included her name, address, phone number and credit card information was among some 400 other documents with people's personal data."

"Smith, a Sarasota resident, said she never gave much thought to identity theft or what happens to information once she gives it to a company such as Blockbuster, but that has changed."
[Comfyllama] I think too many people still have the "it could never happen to me" attitude.

"You're in business," he said. "You're supposed to know certain things. You can't just throw away people's private information." - David Reed, owner of ShredQuick
[Comfyllama] Amen brother!

Commentary:
According to the story, Jonathan Murray notified the store about the first batch of confidential and personal information only to find credit card data in the same dumpster the very next day!  Many of the companies I consult for use the secure document shredding boxes spread throughout the building.  Either use a trusted third party to securely destroy unneeded confidential documents or shred them yourself.

For reference:  
Paper Shredder FAQ

Past Breaches:
Unknown



 