Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Newspapers Wrapped in Credit Card Data

Zonk posted more than 8 years ago | from the phish-wrap dept.

Privacy 150

Buzzy's Roast Beef writes "The Boston Globe reports that bundles of newspapers in Worcester, MA were distributed wrapped in paper which contained subscriber credit card information for 240,000 customers. Those of you paying by check needn't worry; account and routing details for 1,100 customers paying by check were also given out like candy." From the article: "Larkin said the newspapers were first notified of the security breach on Monday by a clerk at a Cumberland Farms store. It took until late Monday for officials to confirm the data on the back of the paper were credit and debit card numbers. Senior management learned of the security breach yesterday morning, Larkin said. The company put out a news release late yesterday afternoon."

Sorry! There are no comments related to the filter you selected.

Access Control (5, Interesting)

imoou (949576) | more than 8 years ago | (#14619335)

It should be a no brainer that financial information (not just credit cards) can only be access by the finance department, and any waste paper in the finance department must be disposed of by professional data destruction companies.

The article explained the mistakes, which were caused by aborted print jobs, only those printed documents were in the bin for recycling!

At least the the newspapers have now added a safeguard to the computer system so only the last four numbers of credit and debit cards can be printed.

Heh. (4, Interesting)

SatanicPuppy (611928) | more than 8 years ago | (#14619506)

Circulation and accounting are connected like two wrestling squid. Every night a whole series of jobs are run referencing all kinds of billing information to determine whose subscriptions are paid up to the point where they qualify to get a paper in the morning. So all the customer card/account numbers are processed by the circulation side, and sent in cash batches to accounting.

So you see there is a financial subset inside circulation that deals with that billing info, which is why they have access to it. The reason it doesn't go straight to accounting is because, in most papers, accounting deals almost exclusively with advertising revenue and billing, which is a lot more complex than 15 bucks a month, or whatever the news subscription rate is, which gets billed automatically.

All that being said, it took some kinda dumbass to dump that info out on the toppers, and a whole crew of dumbasses down the line to attach that information to the paper. Most places don't put anything like personal information on the toppers for papers they're distributing, so it should have been obvious to anyone that there had been a mistake...There are a LOT of people who should have noticed something was wrong.

Re:Heh. (2, Insightful)

colin_young (902826) | more than 8 years ago | (#14619941)

I think a couple of wrestling squid managing the billing and circulation might explain why the Boston Globe was unable to deliver the paper to me when I was a subscriber, and started leaving them on my doorstep whenever I cancelled my subscription (and not just one time).

Re:Heh. (1)

SatanicPuppy (611928) | more than 8 years ago | (#14620104)

That happens a lot actually. They don't pay carriers very much, and it's a pretty sucky job. It can take 'em a week to figure out they're supposed to be throwing a paper to your house, and then another week to figure out they're NOT.

Re:Heh. (0)

Anonymous Coward | more than 8 years ago | (#14620295)

Great business model. Here's a thought, fire people who don't do their job well. If you can't find replacements willing to do the job for the money, raise the salary. If you can't raise the salary, your business model is broken.

Re:Heh. (4, Funny)

SatanicPuppy (611928) | more than 8 years ago | (#14620782)

If you can't raise the salary...Your corporate management is a bunch of money grubbing assbandits who are out for nothing but lining their own pockets...

Woops. Typo. I meant to type "it's a complicated issue." The keys are all right next to each other.

Two Words: Rights Management (2, Interesting)

ImaLamer (260199) | more than 8 years ago | (#14620556)

I work at a newspaper and know exactly what you are talking about, the accounting-circulation connection (hence the department name "Circulation Accounting") but I'm surprised to hear that the full card numbers were distributed. I would assume that only the most inside of people, because computers handle all of the transactions, could access that information.

For example, whenever a card number is typed into the database and updated it will only show the last four digits to any human. I would assume Circulation Accounting could track down the transaction and find the number that way, but as far as I know the full card number is only given up electronically. What is the point of even having a list of card numbers printed on paper? Why would that even be close to the circulation field staff? I would ask the CIO why the field staff needs credit card numbers.

Then you come to another point - are the carriers working for themselves? If so, then the liability may just fall on that one person. It seems the newspaper is picking up some responsibility so I assume they are employed by the newspaper. Then the question goes back to the IT departments: Why can users access information they do not need?

Almost sounds like someone did it on purpose, you never know.

Re:Two Words: Rights Management (1)

SatanicPuppy (611928) | more than 8 years ago | (#14620758)

Yea...I have to agree. I have access to the card numbers where I work, and I know off the top of my head the other 4 people who could call up any number they wanted to. There are only two here who could even generate a list like that, me and my opposite number in accounting.

Definitely seems fishy. What the hell are they doing with their cc numbers there?

Re:Heh. (2, Insightful)

Lijemo (740145) | more than 8 years ago | (#14620773)

Circulation and accounting are connected like two wrestling squid. Every night a whole series of jobs are run referencing all kinds of billing information to determine whose subscriptions are paid up to the point where they qualify to get a paper in the morning. So all the customer card/account numbers are processed by the circulation side, and sent in cash batches to accounting.

So you see there is a financial subset inside circulation that deals with that billing info, which is why they have access to it. The reason it doesn't go straight to accounting is because, in most papers, accounting deals almost exclusively with advertising revenue and billing, which is a lot more complex than 15 bucks a month, or whatever the news subscription rate is, which gets billed automatically.

Um... your description explains why the circulation department needs 1) a unique identifier for each customer and 2) the balance available on their account. You haven't demonstrated why anyone other than one or two people in the billing department would need to have access to the actual credit card or checking account numbers.

If they are using the credit card number as the unique identifier for the customer, that's just dumb, and they deserve censure for setting up the system on such an insecure foundation-- since they have practically gaurenteed some form of security leak.

For if it gets slashdotted (5, Informative)

the-amazing-blob (917722) | more than 8 years ago | (#14619353)

1-888-665-2644 is their hotline "for customers to call to learn whether their financial information may have been distributed."

Also:
"As an extra precaution, newspaper officials also urged subscribers to contact their credit card companies if they are concerned about unauthorized transactions."

This is a very serious problem

The Boston Globe (5, Funny)

Kesch (943326) | more than 8 years ago | (#14619358)

Subscribe for the articles, stay for your neighbor's credit card.

Re:The Boston Globe (1)

Grantisimo (716941) | more than 8 years ago | (#14619952)

I, for one welcome our new Credit Card leaking overloards! I will gladly help recruit slave labor to toil in the *secure* recyling bin.

Re:The Boston Globe (0)

Anonymous Coward | more than 8 years ago | (#14620188)

In Soviet Russia... ah, screw it. Great post though! :)

Need to print the data? (5, Interesting)

funkmeister (783995) | more than 8 years ago | (#14619375)

Why does these data need to be printed at all? What possible need is there to see these numbers on paper?

Re:Need to print the data? (4, Informative)

SatanicPuppy (611928) | more than 8 years ago | (#14619630)

Honestly, and I work in the business, I can't even imagine one. We store all that data, but there is no commonly run report that prints it out. There isn't any point in it.

If you pay by credit card with autopay, or similar, when your subscription is up, the system charges your card. It goes straight to the bank. It's not even a special job...Purely automated. The $$$ amount shows up on the batch report the next day, along with your name and subscriber ID and NOT your credit card number, because it would just be one more thing you don't need to look at on an already crowded report.

At the same time, if someone is paying by check, as opposed to having the money automatically debited from their account every day, we don't KEEP the routing number...Why would anyone? We just keep the check authorization number. With that, you can get the routing number if you need it, for whatever reason, later.

Re:Need to print the data? (3, Informative)

sckeener (137243) | more than 8 years ago | (#14619681)

Why does these data need to be printed at all? What possible need is there to see these numbers on paper?

For legal reasons one must still be able to present data in a form counsel can use in a trusted and secure method.

Re:Need to print the data? (2, Interesting)

QuestorTapes (663783) | more than 8 years ago | (#14619800)

> For legal reasons one must still be able to present data in a form
> counsel can use in a trusted and secure method.

I can understand that for certain legal -purposes- this may be necessary. Is is strictly necessitated by law, however? Federal or state?

For security reasons, many firms don't store the credit card numbers after processing the transaction (obviously, doesn't apply to any regularly repeated transactions/subscriptions).

Is this solely required for repeating transactions?

Uh yea (1)

SatanicPuppy (611928) | more than 8 years ago | (#14619868)

it's called magnetic tape, and DVD backup.

I can tell you with absolute certainty that, in the print media conglomerate that I work for, you will NEVER see hardcopy credit card numbers.

Re:Uh yea (1)

gcottay (157656) | more than 8 years ago | (#14620743)

ditto at this newspaper

Re:Need to print the data? (1)

symbolic (11752) | more than 8 years ago | (#14619874)

I worked for a credit company some years ago, and even with terminals at every desk, there were still reports (some massive) that were delivered to various departments. I'm guessing it was because the storage requirements to manage all that data may have been something on the "very expensive" side. It may have also had to do with the software not being able to access it- companies typically produce reports that make sense to their particular operation. Accessing that same data online, however, is another matter entirely.

expensive subscription (5, Funny)

pvt_medic (715692) | more than 8 years ago | (#14619376)

and you wonder why newspapers have been struggling recently. The price one has to pay to have a subscription is just too much.

Re:expensive subscription (1)

dhakbar (783117) | more than 8 years ago | (#14619464)

Flamebait? It made me laugh.

Looked like a joke to me.

Re:expensive subscription (0)

Anonymous Coward | more than 8 years ago | (#14619503)

sheeeeesh some moderators have no sense of humor.

Re:expensive subscription (1)

wbren (682133) | more than 8 years ago | (#14619529)

Flamebait? I laughed.

I thought it was a funny way of pointing out the decline of paper media. If I hadn't wasted my mod points of that damned Google article I would have modded the parent +1 Funny.

Re:expensive subscription (2, Funny)

potus98 (741836) | more than 8 years ago | (#14619537)

Are you kidding? Do you know how much cheaper it would be to subscribe to these bird cage liners than it would be to purchase 240,000 credit/debit card accounts on the black market? The ROI seems pretty high to me!

Re:expensive subscription (1)

ReddyFreddy (948568) | more than 8 years ago | (#14619709)

The real solution to the problem is to never get a credit card. Turn off external access to your checking account at your bank.. use cash.. the real currency, not the made up tender called credit.. you will also have much more cash in your pocket.. I applaud giving out the numbers.. perhaps more people will cancel their cards.. and lock their bank accounts..

Re:expensive subscription (1)

c_forq (924234) | more than 8 years ago | (#14620259)

you will also have much more cash in your pocket.

I thought this was one of the best reasons to have a credit/debit card. Get mugged? Well they only walked away with what cash was in the wallet, and you never need much in your wallet except when you are planning on making a large purchase or many purchases in cash.

Re:expensive subscription (1)

jargoone (166102) | more than 8 years ago | (#14620297)

You can go ahead and use your "real" currency. Go ahead and lose it, have it stolen, and not use it for internet transactions.

I'll use my credit card, use it on the internet, not worry about losing it, or someone else stealing it and using it. I'll let someone else handle pain in the ass merchants for me. And I'll pay my bill in full every month. And the credit card companies will give me free money for doing so.

"Real solution" indeed.

Re:expensive subscription (0)

Anonymous Coward | more than 8 years ago | (#14619579)

perfect example of mods who dont know what they are doing

Re:expensive subscription (1)

British (51765) | more than 8 years ago | (#14620491)

I thought it was because, many moons ago, they used to call my home number on an almost weekly basis asking me if I wanted to subscribe. This was before the DNC list. I asked them to remove me, and they said it was some random dialer thing that they couldn't blacklist numbers or something.

It was for the St. Paul Pioneer Press.

So that's 2 strikes.

Don't piss off a geek (4, Funny)

overshoot (39700) | more than 8 years ago | (#14619378)

I wonder if the Globe is thinking, "We should never have gone after Peter Quinn. HOW did he do that?"

The nice thing about being an honest guy like Quinn is that the crooks never believe you.

Re:Don't piss off a geek (0)

Anonymous Coward | more than 8 years ago | (#14620658)

Oh give me a break! He IS NOT a geek.

...being an honest guy like Quinn...

Nor is he honest.
I worked under Peter Quinn for many years before he became CIO for the Commonwealth of Massachusetts. You really don't need to glorify him this way. You can be sure he is only concerned about himself. There is an ulterior motive behind his ambitions for ODF standardization and it was a miscalculation on his part unless the resultant cult-hero status was his goal. I know many good tech guys that have his footprints running up their backs. I am truly surprised he didn't take to politics better. He is the embodiment of cronyism/neopotism and self-preservation. All this recent martyrdom by the slashbots has gone on long enough.

I don't think the Boston Globe's smear campaign was fair, and I'm sure Microsoft had something to do with it (despite a friend that works there who swears they had nothing to do with it). But for Christ's sake enough with the hero worship already.

I see that you were modded "Funny" and I should probably lighten up. I'm just sick and tired of it. Don't turn your back on this guy. He will throw you under the bus in a heartbeat just to make himself look better. Sorry to burst your bubble.

Anyone up for doughnuts? (4, Funny)

bzaks (936143) | more than 8 years ago | (#14619380)

Anyone up for doughnuts? a couple of my buddies from Boston are paying... Michael

Re:Anyone up for doughnuts? (1)

ibjhb (173533) | more than 8 years ago | (#14620246)

Doughnuts? or beer?

crazy! (3, Informative)

d34thm0nk3y (653414) | more than 8 years ago | (#14619392)

In case anyone else was wondering (FTA):

The Globe and T&G financial information was inadvertently released when print-outs with the confidential information were recycled for use as ''toppers" for newspaper bundles. A topper, placed on top of a bundle of newspapers, is inscribed with the quantity of papers in each bundle and the carrier's route number.

Re:crazy! (1)

mordors9 (665662) | more than 8 years ago | (#14619562)

Well that would mean that only the trusted carrier is likely to have received the numbers... why doesn't that make me feel much better.

You wish (1)

SatanicPuppy (611928) | more than 8 years ago | (#14619660)

Most times people leave the bundle toppers on top of the bundle when they toss 'em outta the truck at the drop point...Like, for example, your local gas station, grocery store, doughnut shop, whatever.

Lot of people could have seen 'em

Re:You wish (1)

kesuki (321456) | more than 8 years ago | (#14620045)

not to mention jimmy, the neighboorhood newspaper delivery boy, who's getting paid peanuts to deliver these things.. and even if he gets caught using these card number fraudulently is highly unlikely to be tried as an adult, given the circumstances.

Sounds like Playboy (5, Funny)

thaerin (937575) | more than 8 years ago | (#14619394)

I don't buy it for the pictures, I only read it for the occasional misprinting of hundreds of thousands of credit card information. *YOINK*

Re:Sounds like Playboy (1)

Lispy (136512) | more than 8 years ago | (#14620154)

Ya know, charging by your sig noone will believe you... :)

No biggie (2, Funny)

Rethcir (680121) | more than 8 years ago | (#14619398)

Don't worry, we in Mass are sure this situation will end up fine now that Theo Epstein is back.

Re:No biggie (0)

Anonymous Coward | more than 8 years ago | (#14619549)

New Yorkers aren't worried either. Rumor has it that George Steinbrenner spread Johnny Damon's 2006 salary across the credit cards of several Bostonians this morning.

Can't get enough Red Sox coverage... (1)

michaeltoe (651785) | more than 8 years ago | (#14619572)

I'm changing my cable subscriber. I need a solid 2 hours of shark attacks and baseball, plus regular updates about that kitty down the well.

A newspaper wrapped in credit card data... (1)

lbmouse (473316) | more than 8 years ago | (#14619399)

...inside an enigma. That's what this is [phrases.org.uk] .

Why? (4, Insightful)

suwain_2 (260792) | more than 8 years ago | (#14619403)

Why was this information even printed out? I can't think of any reason that they would need to print full credit card numbers out. This sounds like an incredibly foolish thing to have happened.

Oh the irony... (5, Funny)

Soko (17987) | more than 8 years ago | (#14619407)

I clicked on the link in TFA, and got a page displaying an ad. 'For what?' you may ask.

The ad was for American Express. ^_^

Soko

Upon Request?! (3, Funny)

garcia (6573) | more than 8 years ago | (#14619414)

The newspapers will turn over the card numbers of subscribers who may have been affected to the companies upon request. As of last night, Mastercard and Visa have asked for the details. The newspapers are doing the same thing with banks of customers who may be affected.

They will only turn the numbers over upon *request* and only MC and Visa have requested it? WTF?!

Re:Upon Request?! (2, Funny)

LiquidCoooled (634315) | more than 8 years ago | (#14619607)

Its ok, the other companies ordered bundles of papers for their offices.
They already know which numbers were released.

Re:Upon Request?! (0)

Anonymous Coward | more than 8 years ago | (#14619994)

Hey man, it's your own fault if you've got an AmEx or Discover card. ;)

The industry is getting desperate... (5, Funny)

Rob T Firefly (844560) | more than 8 years ago | (#14619434)

Everyone knows the newspaper industry is struggling to compete with the Internet, but they're really reaching nowadays, emulating the net's security breaches as well..

So I go to read the article, and the ad on-page is (1)

namespan (225296) | more than 8 years ago | (#14619444)

... for an American Express card. :)

Maybe it all fits. Maybe a subscriber would want a new card after their Visa # is everywhere they want to be.

And please tell me there's some kind of criminal statute being violated here. The idea that those numbers would need to ever be printed out en masse is ridiculous; the process of letting those printouts get into the real world is grossly negligent.

Why don't credit cards use private keys? (1)

giblfiz (125533) | more than 8 years ago | (#14619453)

This happens so often, and it is not really surprising. What makes me sad is that there is a much safer way that this could be handled. Rather than giving out credit card numbers your card number being stored by everyone who want's to bill you in a recurring manner the card could instead be a private key, and used to sign a transaction statement. (or even a recurring transaction statement) That way when someone at megaCorp screws up and leaks all of there users CC data all that goes out are a bunch of "I will allow megaCorp to bill me $20 a month" signed statements.

Re:Why don't credit cards use private keys? (0)

Anonymous Coward | more than 8 years ago | (#14619545)

For anything to get done you have to explain how the idea works to a manager that signs off on it. For kicks I just tried explaining your idea to my manager. Maybe I suck at explaining things, or maybe it's as I expected, and managers are just too damn retarded half the time to understand a good idea wrapped inside a fifty and stuck in their wallet while they sleep.

Re:Why don't credit cards use private keys? (0)

Anonymous Coward | more than 8 years ago | (#14620135)

I know visa does do a thing like this, they have a program that will create credit card numbers and tie it to your account for one specific amount/time/transaction. When i tried to get it before, it only ran on windows so i decided it might not be a good idea because it wasn't web based and stuff.

Don't look now but... (0)

Anonymous Coward | more than 8 years ago | (#14619460)

"The company put out a news release late yesterday afternoon"

And on the back of the news release was every subscriber's social security number.

Penalties and legal action? (1)

gliph (823543) | more than 8 years ago | (#14619478)

Are there laws for things like this? I've heard of local companies having breaches, and all that comes of it is "oops, sorry. call us and call your credit card companies". shouldn't there be some sort of legal obligation for companies leaking/releasing this information? i don't know anything about health care, but aren't records there kept very confidential? aren't there fines and/or penalties for releasing patient information? shouldn't consumer information be treated the same way?

Your needs - My needs (0, Redundant)

Nom du Keyboard (633989) | more than 8 years ago | (#14619493)

Those of you paying by check needn't worry; account and routing details for 1,100 customers paying by check were also given out like candy.

I'd say that's a very good need to worry.

Re:Your needs - My needs (1)

pl1ght (836951) | more than 8 years ago | (#14619658)

You have a keen sense of sarcasm

Re:Your needs - My needs (0)

Anonymous Coward | more than 8 years ago | (#14619682)

I think you'll find that was "sarcasm".

Re:Your needs - My needs (1)

punkass (70637) | more than 8 years ago | (#14620692)

Good thing that type of information isn't printed on your checks...wait...OH SHIT!

It's really bad (2, Funny)

Anonymous Coward | more than 8 years ago | (#14619500)

...when newspapers resort to creating news on a slow day.

major busnesses have no security. (1)

giblfiz (125533) | more than 8 years ago | (#14619507)

This sort of thing just makes me weap. I don't know which is worse, this one because a newspaper pushed credit card data out to a bunch of its users, or the ameriprise one http://www.nytimes.com/2006/01/26/business/26data. html [nytimes.com] because you would think that american exspress would be more carefull, after all it is there job.

From the article on American Exspress:

[American Exspress Lost] included the names and Social Security numbers of about 70,000 current and former financial advisers and the names and internal account numbers of about 158,000 customers, about 6 percent of its 2.8 million clients.

They don't comply (5, Informative)

szembek (948327) | more than 8 years ago | (#14619509)

Apparently the Boston Globe Doesn't comply with the Payment Card Industry standard, found here: http://usa.visa.com/business/accepting_visa/ops_ri sk_management/cisp.html [visa.com]
Specifically these sections:
9.10 Destroy media containing cardholder information when it is no longer needed for business or legal reasons:

9.10.1 Cross-cut shred, incinerate, or pulp hardcopy materials

9.10.2 Purge, degauss, shred, or otherwise destroy electronic media so that cardholder data cannot be reconstructed

Re:They don't comply (1)

teklob (650327) | more than 8 years ago | (#14620274)

9.10.3 Under no circumstances should full customer credit card information be published.

Oops.

C'mon now, let's at least make an effort! (1)

dfung (68701) | more than 8 years ago | (#14619538)

I'm having a really hard time thinking of any way that they could have been more cavalier about this sensitive financial information.

Anyone, anyone? Bueller? Bueller?

If I allow somebody to cache my information, I would hope that they would at least try to protect it, rather than delivering to the world at large!

that's a wicked pissah! (1)

slackomatic (931939) | more than 8 years ago | (#14619546)

seriously, that's retarded. how did someone further up the supply chain not catch that?

Re:that's a wicked pissah! (3, Funny)

Pope (17780) | more than 8 years ago | (#14619656)

Totally retahded! Who's up for a soda down at Friendly's?

Re:that's a wicked pissah! (1)

slackomatic (931939) | more than 8 years ago | (#14620819)

I'll have a tonic - I never like the Fribble.

save paper? (2, Funny)

dotpavan (829804) | more than 8 years ago | (#14619597)

I think they were trying to save some paper by recycling.. errr reusing papers.. heard of "Save paper, use both sides of toilet paper"?

Stupid (1)

SatanicPuppy (611928) | more than 8 years ago | (#14619837)

We recycle a lot of paper, but we don't recycle it BACK INTO THE PRINTER. If nothing else, those high capacity laser printers have a tendency to jam on paper that's already been printed on, and if some motherf***er calls me at 3:30 in the morning because his motherf***ing toppers didn't get printed because some moron loaded the printer with crap paper, trying to save 5 bucks, I would be homicidal.

It's such a major screwup, it's hard for me to see how it couldn't have been done at least partly on purpose. How the hell did all those credit card numbers make it to hardcopy?

Perhaps the globe should investigate (2, Insightful)

codepunk (167897) | more than 8 years ago | (#14619616)

Themselves this time!

Burn Box, anyone? (2, Insightful)

andreMA (643885) | more than 8 years ago | (#14619631)

Jesus Christ on a pogo-stick... you don't "recycle" some things. Put a cardboard box in each work area that deals with sensitive information for printouts like this, then collect it and effectively shred it. How hard is this?

Re:Burn Box, anyone? (1)

tuxette (731067) | more than 8 years ago | (#14619676)

One has to make an effort. It's work, you know. Flying Spaghetti Monster forbid anyone do any work...

Re:Burn Box, anyone? (1)

The Ilia (933432) | more than 8 years ago | (#14619879)

What a hypocrite. The things he does with his noodley appendage could be considered work.

Re:Burn Box, anyone? (1)

tuxette (731067) | more than 8 years ago | (#14619912)

No, that's pleasure...

Re:Burn Box, anyone? (1)

The Ilia (933432) | more than 8 years ago | (#14619958)

Sometimes pleasuring is hard work.

I was on the list (3, Interesting)

flez (463418) | more than 8 years ago | (#14619695)

I woke up this morning to read that the Globe (which I subscribe to) was plastering my CC number all over the place.. Called their "hotline" which was busy all morning (.5million subscribers, one number, you do the math). Finally got through after lunch and was on hold for 1/2 hour to find out that my name was on the leaked list.

So I had to cancel my card and get a new one.

It's too bad the Herald is such a rag or I'd drop my subscription today. Maybe I will anyway and just get my news off the web like everyone else.. but I so love to curl up with my coffee and paper on sunday mornings...

Re:I was on the list (1)

Liveandletlive (841246) | more than 8 years ago | (#14619809)

I agree with you. Some how the smell of a freshly printed news paper, along with fresh coffee is too intoxicating :)

Once you get into that habbit, getting the laptop and searching for news becomes too tiresome.

However, if newspapers start distributing our credit card info like this, we may not have a choice.

Re:I was on the list (2, Funny)

Anonymous Coward | more than 8 years ago | (#14619824)

I'll be sure to send you a postcard from my vacation in the Bahamas.. or should I say, *your* vacation in the Bahamas...

Re:I was on the list (1)

flez (463418) | more than 8 years ago | (#14620039)

just be sure to find a nice looking girl to spend my money on.. i'd hate for my credit to be ruined on some 2 bit ho

Re:I was on the list (1)

taijirad (584518) | more than 8 years ago | (#14620069)

You could always go down the block to Cumberland Farms and buy your Sunday paper. At least they notice when your personal information is at risk.

YOU FAIL IT?! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14619715)

on baby...donm't [goat.cx]

insane (2, Interesting)

apocalypse76 (254086) | more than 8 years ago | (#14619739)

This takes irresponsible to a whole new level. Any company in thier right mind should have shredders/chippers in thier finance department for any waste paper.

Since having your identity stolen is so difficult to recover from I think anyone that has had thier info. sent out should sue if thier identity is stolen. Then the company gets to pay for the next five years of credit cleanup for the person.

Hit'em in the pocketbook and they'll pay more attention.

dream come true.. (2)

dotpavan (829804) | more than 8 years ago | (#14619833)

for any dumpster driving person, imagine all the info you would have got dumpster driving, home delivered!

The Boston Globe Subscription Dept. (1)

digitaldc (879047) | more than 8 years ago | (#14619838)

Do they take credit cards?

Freedom of the Press? (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14619889)

Wait, I thought credit card mis-haps & other sources of fraud and identity theft, only occurred on the Internet. Seriously, it's bad enough we have to spend 20% of our lives shredding our old financial data, but to have a 'supposedly' responsible organization make it all for not?

Worse still, we've now found out (in a round-a-bout fashion) that they been 'recycling' these credit card 'reports'. So that means for countless years, the people have just been 'giving' private/confidential/sensitive information to another company? Depending on who does the recycling, this trash may even be public property (like residential trash taken to the curb). I hope for damn sure they have a contract with this company that dictates the terms of use for this material and that it includes a clause defining the destruction of financial data.

I guess 'Freedom of the Press' has a new meaning now, eh?

Similar thing happened to me, maybe you too (4, Interesting)

c41rn (880778) | more than 8 years ago | (#14619930)

I recently got a CD from H&R block to use when doing my taxes. Turns out that H&R accidentaly printed my social security number on the mailing label along with a string of other 'tracking numbers'. They sent a letter appologizing about it and saying that it had happened to a number of their customers. I still wonder why the shipping/printing department at H&R Block would have access to social security numbers at all.

Re:Similar thing happened to me, maybe you too (1)

Overzeetop (214511) | more than 8 years ago | (#14620283)

That's because your social security number is a general purpose number used to identify you from everyone else, and is highly unlikely to be duplicated by another person. The fact that it was used on your mailing label is so that they can have all the tracking information. The others are probably non-identity specific (region, income level, marital status, sexual preference, etc.).

What you should be wondering is why it's not illegal for anyone but the social security administration to use your number for any reason whatsoever.

Re:Similar thing happened to me, maybe you too (1)

stringycheese (949470) | more than 8 years ago | (#14620582)

I guess H&R block have never heard of a serial (or autoinc) number to use for a unique id instead of someone's SSN.

mod 0p (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14619993)

clearly 3ecome [goat.cx]

News release (1)

Potatomasher (798018) | more than 8 years ago | (#14620031)

I just hope they double-checked what kind of paper the news releases was printed on !

Now that's odd. Would've expected... (2, Funny)

Esion Modnar (632431) | more than 8 years ago | (#14620086)

...the newspapers to be wrapped in fish. Different rules in bizarro world.

It's bad enough... (1)

atomic_toaster (840941) | more than 8 years ago | (#14620194)

It's bad enough that we have to worry about security so poor that personal data backups are transported in personal vehicles and then stolen [slashdot.org] , or that some companies allow data breaches that result in identity theft [slashdot.org] ... Now they're just giving our important data away?

That's it. I'm just writing my credit card numbers & expiry dates, passwords and PINs on stickies and leaving them on my monitor and in my wallet. That's about equally as secure as giving them to any company these days...

#irc.trolmltalk.com (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14620338)

Be in a scene a8d see. The number roots and gets on Usenet. In 1995,

Website to check if you've been exposed (3, Informative)

UM_Maverick (16890) | more than 8 years ago | (#14620482)

In addition to the phone number that other people have posted, there's a website (no hold time) that you can check to see if you've been exposed. You'll need to supply your home phone number and zip code:

http://www.bostonglobe.com/cclookup [bostonglobe.com]

and yes, I'm on the list....

Re:Website to check if you've been exposed (2, Funny)

Shemmie (909181) | more than 8 years ago | (#14620647)

I went to check that website out, and all I got was a load of names and numbers pop up on screen. Weird.

It's Downhill From Here (1)

Vengance Daemon (946173) | more than 8 years ago | (#14620616)

It is interesting that, when a company starts to slide, the sloppiness seems to creep into all levels of the organization. Groklaw has recently been running a thread [groklaw.net] on the shoddy research of a reporter at the Boston Globe who trashed the Massachusetts CIO.

Now they wrap newspapers with credit card numbers.

I Got Your (Credit Card Number) (1)

Anti_Climax (447121) | more than 8 years ago | (#14620688)

How do you like them apples?

Data security (2, Insightful)

stringycheese (949470) | more than 8 years ago | (#14620698)

I am continually amazed that these big corporations lose credit card, ssn, and other personal data all the time. Why were these card numbers printed in the first place? Why was the paper recycled or reused and not shredded or professionally destroyed?

They should be required by law to keep the data secure. I would propose the following requirements:

- Credit card and personal inforomation must be stored encrypted or not stored at all.
- Any machines containing cardholder data should be fully equipped with anti-virus, anti-spyware, firewall, etc.
- Printouts should never have the full card number. They should build their reports with just the last 4 digits of the card number or preferably using some other id number like a customer id or subscriber id that means nothing to someone outside of their database. Same thing goes for SSN.
- Printouts with any card or personal info should never leave the building
- Printouts should be under lock and key while they are needed, not just sitting on someones desk.
- Printouts should be shredded or professionally destroyed when they are no longer useful.
- Laptops or other removable media should never leave the building with any useful info.

Failz0rs! (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14620735)

networking test. 3ontinues 7o lose
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?