more on Banking Alert (fwd)

[David Farber <dave () farber net>]

I know which one, the idiots. djf


Begin forwarded message:

From: "Dr. James J. O'Donnell" <provost () georgetown edu>
Date: May 26, 2005 7:36:07 PM EDT
To: David Farber <dave () farber net>
Subject: Re: [IP] more on Banking Alert (fwd)



Dave, the problem is not isolated.  I will be vague so as not to  
increase
the security risk, but a top 20 bank recently sent its customers a  
letter
telling them about online services and giving them their online services
account number.  The number was their SSN.  When called on this, they
said, well, but we formatted it differently (xxx-xxx-xxx), and besides,
many of our customers prefer to use their SSN as their account number.

They sent out many thousands of these in ordinary postal envelopes,
assuming that they had no dishonest mailroom employees whatever, etc.,
etc.  What I was most surprised by was their blank incomprehension at  
the
thought that one might object.

Jim O'Donnell

On Thu, 26 May 2005, David Farber wrote:


> When a very large bank starts to use personal identifiers in insecure
> communications, identifiers which have not even been authorized for
> that use by the person they identify, I believe that some points need
> to be made in regard to right to privacy and security expectations.


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/