Newspapers Wrapped in Credit Card Data 150
Buzzy's Roast Beef writes "The Boston Globe reports that bundles of newspapers in Worcester, MA were distributed wrapped in paper which contained subscriber credit card information for 240,000 customers. Those of you paying by check needn't worry; account and routing details for 1,100 customers paying by check were also given out like candy." From the article: "Larkin said the newspapers were first notified of the security breach on Monday by a clerk at a Cumberland Farms store. It took until late Monday for officials to confirm the data on the back of the paper were credit and debit card numbers. Senior management learned of the security breach yesterday morning, Larkin said. The company put out a news release late yesterday afternoon."
For if it gets slashdotted (Score:5, Informative)
Also:
"As an extra precaution, newspaper officials also urged subscribers to contact their credit card companies if they are concerned about unauthorized transactions."
This is a very serious problem
crazy! (Score:4, Informative)
The Globe and T&G financial information was inadvertently released when print-outs with the confidential information were recycled for use as ''toppers" for newspaper bundles. A topper, placed on top of a bundle of newspapers, is inscribed with the quantity of papers in each bundle and the carrier's route number.
They don't comply (Score:5, Informative)
Specifically these sections:
9.10 Destroy media containing cardholder information when it is no longer needed for business or legal reasons:
9.10.1 Cross-cut shred, incinerate, or pulp hardcopy materials
9.10.2 Purge, degauss, shred, or otherwise destroy electronic media so that cardholder data cannot be reconstructed
Re:Need to print the data? (Score:5, Informative)
If you pay by credit card with autopay, or similar, when your subscription is up, the system charges your card. It goes straight to the bank. It's not even a special job...Purely automated. The $$$ amount shows up on the batch report the next day, along with your name and subscriber ID and NOT your credit card number, because it would just be one more thing you don't need to look at on an already crowded report.
At the same time, if someone is paying by check, as opposed to having the money automatically debited from their account every day, we don't KEEP the routing number...Why would anyone? We just keep the check authorization number. With that, you can get the routing number if you need it, for whatever reason, later.
Re:Need to print the data? (Score:4, Informative)
For legal reasons one must still be able to present data in a form counsel can use in a trusted and secure method.
Website to check if you've been exposed (Score:4, Informative)
http://www.bostonglobe.com/cclookup [bostonglobe.com]
and yes, I'm on the list....
Not just credit cards... but telephone numbers... (Score:3, Informative)
The books arrived packaged in a box, with packaging made from horizonyally shredded listings of Oracle customer response center telephone numbers.