Extra, Extra, Read All About These 240,000 Credit Card Numbers

from the there's-a-hole-in-the-bucket dept

We wondered yesterday just how clueless newspaper owners really were, and two Massachusetts papers are doing their best to say “quite clueless indeed”. It’s got nothing to do with Google News, but the Boston Globe and the Worcester Telegram & Gazette — both owned by The New York Times — exposed the credit card data of up to 240,000 subscribers. What’s so stunning here isn’t the mere leak of the data, since that’s becoming so common, but rather how it was leaked. The Worcester paper prints its delivery routing slips on internally recycled paper — the paper it used last weekend happened to be some sort of internal reports with all the credit card numbers on them. The paper now says it’s taken “immediate steps” to increase security, and it’s set up a hotline for subscribers to call and see if their credit card data was compromised. Why is the burden on their subscribers? Shouldn’t the papers be proactively letting people know their card numbers could be circulating? It’s continually amazing how so many of these data leaks aren’t the results of anything active, like hackers, but rather just products of sheer stupidity.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Extra, Extra, Read All About These 240,000 Credit Card Numbers”

Subscribe: RSS Leave a comment
Anonymous Coward says:

i am amazed

I work for a credit card company and these stories constantly amaze me. This info should never have been printed in the first place.
Also, cardholder data should be encrypted in the database, never in plain text. The database servers should be behind several lines of defense.
Cardholder data should never be printed on paper. All internal communications regarding accounts should be done using information other than the card number such as a serial number in the database relating to the account. Printed or electronic information should never leave the company premises.
It makes me afraid to use my credit card to think that anywhere I use it may store my info in plain text on unsecure servers.

A Funny Guy / The Poison Pen says:

Re: i am amazed

Now you I won’t be gentle on….

You freaking idiot who is scared to use your credit card cause someone might steal it…..

so what….. who cares……. your not gonna have to pay anything……….

if it appens enough to hurt the industry they will close their problamatic loopholes and security leaks…..

I for one won’t worry about it in the least….. its their problem and they will pay for it…. not me….

The Poison Pen

Anonymous Coward says:

Re: Re: i am amazed

Technically you are correct in that the credit card company is liable for the money. However, it can be quite a hassle as you spend hours on the phone with customer service getting it resolved. These things often takes days and even months before they are resolved. In some cases, it does not get resolved and people actually end up paying off debts for stolen card info.

FYI, I still do use my credit cards. I was just saying that I think it is pretty lame that a store you shop at may store your info in plain text. I think they should store it encrypted or not at all.

TJ says:

Re: Re: Re: i am amazed

My experience may be no more reliable a measure of what is common than what your experience has been, but based on my experience I would advise against phoning the CC company in the case of credit card fraud.

Every CC statement has info about contacting the company and states that phoning may not preserve your rights. I’ve had one instance of my card # being abused, with five fraudulent charges during one billing period. I mailed a letter to the company listing the fraudulent transactions, asking that the charges be reversed because they were fraudulent and that the company contact me if it needed any additional documentation from me. My understanding is that by law a CC company has to put on hold or reverse charges you say in writing are fraudulent until/unless the company can verify otherwise.

In less than a week all the charges had been reversed without any further contact, and I never had to spend another minute on the matter. It would have been better had it never happened, but approaching the problem the right way can keep the hassle to the minimum necessary.

Clown Smash says:

Re: Re: Poison Pen

if it (h)appens enough to hurt… blah blah blah…
It won’t cost me anything??
Is your time not valuable to you?
Ever have to pay taxes on wages you did not make, cause your Social Security number was used by an illegal alien?
Ever wonder why you pay 12 to 23 percent intrest on credit cards from a bank? While banks will only give you 2 to 3 percent for using your money?
Are you a little clueless as to how oil companies had record breaking profits last year? Was it due to the fact that prices were rediculously high?
“its their problem”…. your the “freaking idiot”
Love ya sweety
Clown Smash

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...