A Really Good Reason to Reject Loyalty Cards

This is a really good reason to tell stores to stuff it when asked to sign up for a loyalty card. Also watch what information you put on those warranty cards you send in - they DON'T need your social security number. What really pisses me off is that these asshats collect years of information on people (much of it inaccurate), with out their permission and then don't even bother to encrypt their database or notify people (unless required by law) that their database has been attacked.

This is a company that deserves to have the sh*t sued out of them and I really hope some poor person who's idenity was stolen does it.

Hackers May Have Stolen Californians' Data

2 hours, 23 minutes ago Technology - AP

By RACHEL KONRAD, AP Technology Writer

SAN FRANCISCO - A company that collects consumer data warned thousands of Californians that hackers penetrated the company's computer network and may have stolen credit reports, Social Security (news - web sites) numbers and other sensitive information.

ChoicePoint Inc., which sells such data to government agencies and a variety of companies, acknowledged Tuesday that several hackers broke into its computer database and purloined data from as many as 35,000 Californians.

Last fall, hackers apparently used stolen identities to create what appeared to be legitimate businesses seeking ChoicePoint accounts, said Chuck Jones, a spokesman for Alpharetta, Ga.-based company. They opened about 50 accounts.

The attack appears to have resulted in at least six cases of identity theft in Los Angeles County. It's unclear whether the data of people outside California was exposed. But law enforcement agents, who have arrested one person on six counts of theft, say hundreds of thousands of Americans elsewhere may be at risk.

ChoicePoint has not notified consumers in other states, nor is it working with law enforcement agents elsewhere, Jones said.

"California is the focus of the investigation and we don't have any evidence to indicate at this point that the situation has spread beyond California," Jones said. "If at some point in time we get information that it's in other areas, we'll revisit the disclosure."

Security experts dismissed the notion that hackers would limit their attack geographically.

"I've never heard of a hacker doing something just to make a company comply with a state statute — that's ridiculous," said Nick Akerman, partner and co-chair of the computer fraud division of law firm Dorsey & Whitney. "It'd be like robbing a bank that wasn't FDIC insured so the robber wouldn't have to be prosecuted by the FBI (news - web sites)."

When ChoicePoint discovered the crime in October, it closed the suspect accounts, restricted access, strengthened site verification, informed law enforcement agencies and cooperated in their investigation.

On Oct. 27, California sheriff deputies arrested Olatunji Oluwatosin, 41, when the Nigerian national went to his office to receive a fax ostensibly from ChoicePoint. Police were waiting for the North Hollywood resident at his office in Los Angeles. He's been in jail since then and is scheduled to appear in Los Angeles County Court on Thursday.

Robert Costa, the lieutenant in charge of Southern California's High Tech Task Force Identity Theft Detail, said agents believe several other people were involved.

"It definitely could not have been limited to Southern California," Costa said.

ChoicePoint sent e-mail notifications to Californians last week.

State residents were the only Americans notified because the state has a unique law requiring companies that do business with residents to warn them when they've had holes in corporate computer networks. Since the law went into effect in July 2003, organizations have alerted customers whenever "unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person."

The bill defines "personal information" as an individual's first name or initial and last name, with one of the following: Social Security number; driver's license number; state identification number; or credit or debit card account number and security code. Except when disclosure would impede a criminal investigation, companies must notify consumers "in the most expedient time possible."

The law doesn't impose specific fines but makes companies with questionable computer networks more vulnerable to lawsuits and public scorn. If a hacker gains access to data for 500,000 or more customers, the company must alert those people through e-mail, a "conspicuous" posting on a Web site and disclosure to a major media outlet.

Identity theft is the country's fastest-growing crime, and more than 9.9 million Americans were victims last year. The crimes cost a total of $5 billion, not including lost productivity, according to the U.S. Postal Inspection Service.

One of the biggest breaches happened in October, when a University of California network exposed personal data of 1.4 million Californians. The computer database in Berkeley contained names, addresses, phone numbers, Social Security numbers and birthdays of everyone who participated in a state in-home care program since 2001.

The ChoicePoint attack could galvanize support for a federal law protecting consumers from corporate security breaches. New Hampshire, New York and Texas politicians are considering similar bills, and Sen. Dianne Feinstein (news, bio, voting record), D-Calif., reintroduced legislation last month for a national version of the California law.

"This is a nightmare scenario for the company and for consumers," said Matt Stevens, chief technology officer at Network Intelligence Inc., a database security company in Westwood, Mass. "More of these incidences and people will wake up. Right now you've got people in Massachusetts saying, `Hey, why am I less important than people in California?'"

I want this law here in FL..

There is a local store here that has this "service". You get discounts on prices if you have their card. Three things strike me about this.

First, if I dont sign up, to the store, I am 2nd class and dont deserve a deal. Well, I am in the store to begin with and if I am not a worthy customer for just being there, why make me feel 2nd class?

Second, the discount prices are not really a discount. I have studied pricing and another local store always has lower everyday prices on the things that are touted as being a discount at the judgemental store and they dont make me sign up to be a member. To them, my money is as good as everyone else.

And finally, no additional service, thinly veiled promise of superiority over the average shopper, and the risk of identity theft. Geez, paint a target on my back and sign me up!

My sentiments exactly. Not to mention the privacy invasion of having everything you buy recorded and available to anyone they choose to give it to. (Including but not exclusive to credit bureaus, insurance companies, local, state and federal government).

I am SICK of these data collection companies and I do believe that the only way people are going to curtail their activities is to hold them responsible for the information they collect when their distribution or use of the information, without our permission, results in any loss of income, denial of employment, denial of credit, denial of insurability, denial of mobility (such as boarding an aircraft) or idenity theft.

I did some volunteer work for CASPIAN a couple of years ago. I came up with a list of products and purchased the same list at three different grocery stores. Two had bonus cards (Giant and Safeway) and one did not. What I found was that the non-sale prices at stores with bonus cards are jacked up by 15-25% over the prices charged at the store without a bonus card program. In other words, the supposed savings you get with the bonus card is negated by artificially inflated prices on all non-sale items. You're paying extra for your groceries in order to subsidize your grocery store's ability to collect data about you to sell to third parties. It's a complete scam.

For more information see http://www.nocards.org