E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Los Angeles Times

Posted on June 13, 2011

Sam Greyson was surprised to receive a new credit card the other day from Bank of America. He was also surprised to learn that the bank had changed his account number because of a security breach involving another business.

But the thing that surprised Greyson most was that when he called BofA to find out more about the breach, he was essentially told to pound sand. "They wouldn't tell us anything," he said. "They said we could read about it in the newspaper."

That would change if legislation now making its way through Sacramento becomes law. The bill from state Sen. Joe Simitian (D-Palo Alto) would tighten California's existing breach-notification rules to require more detailed disclosure of privacy violations. The US legislation, SB 24, passed the Senate in April and is now under consideration in the Assembly.

It's hard to see why anyone would oppose the bill. More than 530 million consumer accounts have been compromised in 2,520 known data breaches since 2005, according to the Privacy Rights Clearinghouse, an advocacy group.

The latest breach came to light Thursday when Citigroup said the names, account numbers and email addresses of as many as 200,000 bank customers were accessed by hackers who broke into Citi's online account site.

The Citi breach was discovered by the company in early May. Citi has declined to say why it took weeks to notify customers of the incident. "There's nothing more disconcerting than getting a notice that says only, 'Hi, we had a breach and you were affected,'" Simitian told me. "Ignorance is not bliss. What you don't know can hurt you."

In BofA's case, the bank gave customers a toll-free number to call for more information, but it wasn't exactly a pathway to enlightenment. A recorded voice would have us believe that not even the bank knows what happened in the latest security breach. "Card issuers are not provided specifics on where or when your account was compromised," the recording says.

Greyson, 56, said he was told the same by a BofA service rep. But when he managed to get a supervisor on the line, he said the bank acknowledged that "at least 100,000" accounts had been affected.

Betty Riess, a BofA spokeswoman, declined to confirm this when I called seeking more info. She said only that "if we think a customer's account may be compromised, we will take steps to protect customers."

That's not good enough. As Greyson told me, he'd like to know which company was robbed or hacked so he can take his business elsewhere in the future.

Simitian's bill wouldn't give us that much sunlight. But it would require that customers be informed about the nature of the breach and what kind of information was compromised, as well as when the breach occurred and how many other people might have been affected. "The bill isn't as tight as I would like it," Simitian said. "I got a lot of pushback from industry."

As I've said before, the keepers of our personal data have a great responsibility. If they're unable to keep the data safe, we have a right to know - and these businesses should bear the full weight of public accountability. Simitian's bill is a further step in the right direction. It should be approved by the Assembly and signed into law by the governor.

Then we should go the next step and ensure that hacked companies share consumers' pain. I'm thinking their identities should have to be publicly revealed and they should pay a fine of, say, $500 for every customer account involved.

Maybe that would result in better security practices.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
