RadioShack is being sued in Texas for allegedly exposing its customers to ID theft. The lawsuit follows allegations that it carelessly discarded sensitive records outside one of its stores. The electronics retailer allegedly tossed papers containing customers' addresses, credit-card numbers, social security numbers and other …
Why does it even have SSNs?
Maybe I'm just showing my naivety of the US Social Security Number system, but why does Radio Shack even *have* customers' social security numbers?
I know the US SSN isn't directly comparable to the UK National Insurance number, but I'd never dream of having to enter that when creating an account (electronic or otherwise) with a retailer. Maybe it's more akin to giving my driving license number - even more bizarre!
Of course, there's always the further question of why it kept credit card numbers in cleartext as well, but hey ;-)
Why have SSNs? Easy
You need to provide your social security number when you apply for credit. Why? I don't know. Everybody seems to have decided that it's a universal identifier. Which is why I watch mine like a hawk. A few years back we got a Best Buy card when we bought our TV. ($100 off to buy it with their card). When the guy was finished calling in the information, he dropped the application in a shredder. THAT's what Radio Shed should have done. The credit application probably had name & address, SSN, date of birth, home phone number, employer and, quite possibly, mother's maiden name. All the makings of an ID theft.
As a security consultant, I've done quite a bit of dumpster diving. You'd be shocked at what some businesses put in their trash. I once found a copy of a marketing plan marked "confidential" that was dated three days earlier.
- Vid Hubble 'scope scans 200,000-ton CHUNKY CRUMBLE ENIGMA
- Bugger the jetpack, where's my 21st-century Psion?
- Google offers up its own Googlers in cloud channel chumship trawl
- Interview Global Warming IS REAL, argues sceptic mathematician - it just isn't THERMAGEDDON
- Apple to grieving sons: NO, you cannot have access to your dead mum's iPad