Monday, February 06, 2006

Boston Breach, Continued...

Continuing to look at the Boston Globe/Worcester Telegram & Gazette breach, I learned that my mother-in-law was one of the affected subscribers. I spoke with her at length last week when I learned of her situation.

I suspect my mother-in-law's experience is fairly representative of most whose credit card or banking data was compromised by that event on the morning of January 30. She heard of the breach from a news report and found out on her own, four days later, that her credit card data was among those on printouts used to wrap bundles of the paper for morning delivery.

After calling the Globe's hotline to confirm, she took appropriate action with her credit card company, but when I spoke to her she seemed to have more questions about the integrity of the personally identifiable information. Was her Social Security Number disclosed? What about her address?

She still has not received a notification letter from the Globe, but I will obtain a copy of that document when it arrives and offer an analysis of its content.

Massachusetts does not have a credit breach notification law, but precedent set nearly a year ago by ChoicePoint all but demands that organizations responsible for the breach of PII in their care take steps to notify affected consumers. Senator Jarrett Barrios is calling for a new state law to address the situation. Federal lawmakers are all but certain to pass a national law that will supersede individual state laws addressing this issue.

Once I have had a chance to read and analyze the Globe's letter of notification, I'll give you my thoughts.


Post a Comment

Links to this post:

Create a Link

<< Home