[IP] more on Banking Alert (fwd)
I know which one, the idiots. djf
Begin forwarded message:
From: "Dr. James J. O'Donnell" <provost@xxxxxxxxxxxxxx>
Date: May 26, 2005 7:36:07 PM EDT
To: David Farber <dave@xxxxxxxxxx>
Subject: Re: [IP] more on Banking Alert (fwd)
Dave, the problem is not isolated. I will be vague so as not to
increase
the security risk, but a top 20 bank recently sent its customers a
letter
telling them about online services and giving them their online services
account number. The number was their SSN. When called on this, they
said, well, but we formatted it differently (xxx-xxx-xxx), and besides,
many of our customers prefer to use their SSN as their account number.
They sent out many thousands of these in ordinary postal envelopes,
assuming that they had no dishonest mailroom employees whatever, etc.,
etc. What I was most surprised by was their blank incomprehension at
the
thought that one might object.
Jim O'Donnell
On Thu, 26 May 2005, David Farber wrote:
When a very large bank starts to use personal identifiers in insecure
communications, identifiers which have not even been authorized for
that use by the person they identify, I believe that some points need
to be made in regard to right to privacy and security expectations.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/