Comments on: Verizon gaffe lets customer details slip

Spreadsheet with limited data on more than 5,000 wireless subscribers was accidentally e-mailed to other customers.

[ml_ess]

Could'a, should'a...

Woops, they did it again..! This would be shocking news, if we didn't hear stories like this all the time... "Private data distributed to unauthorized parties! Risk of identity theft rampant!"

Lesson learned here: private businesses and government organizations need to invest in email anti-theft software that secures outbound email... which often contains customer data, employee information and other crucial corporate assets.
http://essentialsecurity.com/Documents/article10.htm

[troob]

How DOES one just email 5,210 people?

I'm a Verizon Wireless customer. And I'm wondering how DOES one only just email 5,210 people? I see no apology on VZW's web site acknowledging this mess, either. Perhaps time to get blankety-blank outta Dodge, Marshall Dillon.

[mveronica]

What precautions are being taken?

The article fails to explain what "additional quality control procedures and process improvements" are being implemented to "prevent a re-occurrence". If this means that the people who accidently attached the database to the email or going to a get a slap on the wrist and a warning that if it ever happens again, it's termination of employment, I would not be satisfied as a Verizon customer. You'd think that after the AOL incident, a red flag would go up to all companies who possess sensitive customer information. Hopefully, some kind of data encryption is being used so that if such documents accidently get attached again, the receivers will not be able to view it. This article provides some pointers for doing just that:

http://www.essentialsecurity.com/Documents/article9.htm

[pjdw]

Bottom line

Private information should not be in the hands of non-exec employees in the first place. These employees were emailing ads to customers for goodness sake!
It is time for the people to NOT give out social security numbers as a form of identification and it would be much harder to steal a persons ID. It is time for states that use SS# as ID on drivers license to change the policy and use only driver license ID as a form to identify you as a payee.

[ml_ess]

responsibility

The problem here is still security. If a fraudster doesn't have a Social Security Number, but has gotten a hold of other information that a company like Verizon might have (name, address, bank account information), it could still be enough to inflict damage.
It's like saying "businesses should just not use laptops"... truth is, they'll continue using laptops and if not, carelessness will lead to security breaches anyway.
We can only hope that Verizon has learned its lesson (http://www.iwantmyess.com/?p=90) and will implement increased security measures in the email arena.

[kor17]

Worse!!

I experienced a worse privacy violation just this week. I received an email from Verizon informing me that my application for a discount program was accepted. Attached to the email was a file that contained my personal data (images of my drivers license and check stub) along with the private data of 25 other people who applied to the discount program. So I'm sure at least 25 people receieved the same file. I contacted the Verizon store that was responsible but I haven't heard from them yet. Next step is contacting the Attorney General.