Thursday, January 18, 2007

Customer, investment information compromised

Two stories about the security of financial information broke today that makes one really wonder how secure our personal data is anymore. First, TJX, which operates under such labels as TJ Maxx, Marshalls, Winners and Home Sense, said that someone hacked into the data system that handles hundreds of thousands of credit card transactions sometime last month during the Christmas rush. Second, CIBC said a backup drive, in transit from Montréal to Toronto, somehow went missing -- and on it is the data of nearly a half million customers of its Talvest investment banking division.

Both events were part of the water cooler talk at work today and we wondered if some of the clients we serve may have been affected as well. (Sorry, can't say which clients, I signed a confidentiality agreement when I got hired.) The general sense was, who's behind it all? In the worst case scenario for the first one, one only has to think of two words: Al Qaeda. At best, it may have been just plain mischief, but still very illegal.

The second one, however, just is plain crazy. If one was shipping that kind of data, doesn't one used a bonded courier under the strictest of security? Mutual funds may be boring but they're no laughing matter -- and among the funds managed are a number of Labour Sponsored Investment Funds, which as the name suggests are those sponsored by trade union groups and which receive preferential tax treatment in many provinces. What possible comfort can anyone get knowing the data may have fallen into the wrong hands. This makes faxing personal info to a lumber yard look like small potatoes.

No amount of security is ever going to be foolproof. I reckon it's bound to happen again. But what worries me is the time lag between when the breach happened and the news being released to the media. Four weeks is an extremely long time to inflict the kind of damage any untoward elements would like to make. Just a few minutes, in fact, is too long. This isn't a case of crying wolf. It makes one want to think twice about doing business with it or any of its affiliated or partner companies.

Sometimes, I wish companies would risk crying wolf if they even suspect something untoward happened. It might help protect a lot of consumers who would naturally want to take the appropriate action to prevent further identity theft.

To vote for this post at Progressive Bloggers, click here.

No comments: