I guess a dumb question.
So I received yet another in a plethora of notices of data breaches.
In this case PureB2B UK
So here is my question:
Why (in the heck) does a data marketing and advertising company need to be archiving my actual work email login password?!?! Sorry, this just makes no sense to me.
3 guesses:
- The notice you received was written by a legal department. As a result, there will be extensive use of qualifier words such as “may” and “could” that apply to the types of data involved in the breach.
- Your employer provides data to the affected company.
- You use software, a website, or a cloud service for logging onto your work accounts that provides data to the affected company.
They archive your email information because they think they can use it to make money. I worked for trade magazines many years ago; their mailing list (postal in those days) was valuable – and closely guarded – because they could rent it to advertisers to send direct mail advertising, and could use it to offer subscriptions to publications. They may have scooped up the password by mistake, or because they thought they could make more money by selling the password with it. And if you think data marketing and advertising companies would worry about the consequences, I am sad to inform you that they don’t.
- The notice I received was from a monitoring service I was comp’d to, I think, as a remediation by ATT after one of their major breaches.
- There should be no reason the employer would be providing employees’ login information
- Well it is a managed Google suite so there you go
- yikes
It makes sense that it would be hard to target Dark Web-sters for maliciously managing people’s stolen private data
It should be a different story for companies that are known entities that engage in these gray area? operations
For instance companies that are “public records data provider specializing in background checks and fraud prevention”* could be shut down. Literally just send a 13 year old kid in there and power down their servers … as a remediation for their sloppy handling of private data …
and since when is a social security number considered a public record?
notwithstanding the notion that virtually all of the credit agencies have been hacked … therefore virtually all social security numbers are now public data LOL
Especially after a major background-check company was breached, exposing 2.9 billion data records.
Maybe now people will realize that it is and has always been a bad idea to use SSNs as anything other than an account number for paying your taxes…
Naaah. People will never grow a brain no matter how bad it gets…
I guess it seems more logical that an outfit like NPS, if breached, would have a broad scope of private data compromised.
When it comes to a data marketing and advertising company would it seem more logical that their breach was more in the manner of data scraping in real time … … it still does not make sense that an advertising company would actually be archiving social security numbers, but that certain data was compromised during some particular time frame or process … I guess that’s a question '-)
I’d say the current (mis)use of SSNs as a universal identity number is the result of public policy, where the US federal government has never, for many reasons, issued compulsory national identification cards or numbers, and the cumulative effects of many, many unconnected private sector decisions taken over time in the absence of a “USA-ID number”. This situation is similar to the path health insurance in the US took to the present day. What started as a way for private employers to increase salaries under wartime economic controls in the 1940s became the entrenched system for American healthcare.
A new guess: the alert involved Pure Storage, a cloud data storage company, not Pure B2B, a small consultancy involved with personal coaching and personal networking that appears to be run by a sole proprietor.
The use of SSNs has dropped over the last few decades, though it’s still far too common. I remember when I was in college some 30-odd years ago that our SSNs were used as our student ID numbers. Completely irresponsible, and difficult to opt out of (unless you were a non-citizen who didn’t have an SSN).
Even the US government misuses SSNs. If you have Medicare, your Medicare ID is essentially your SSN. While this may help connect Social Security and Medicare accounts more easily, it also spreads your SSN to every medical provider you use (if you have Medicare).
We really do need new, more secure identifiers for pretty much all the purposes SSNs are currently used for, thanks to multiple leaks of massive numbers of them. But it’s probably never going to happen. There’s just too much bureaucracy and technical infrastructure built around the current usage for any significant change to be anything but a catastrophic upheaval.
That is no longer true. My Medicare number is now an alphanumeric code that appears to have nothing in common with my SSN except its length.
https://www.aapc.com/blog/47112-new-medicare-card-project-and-medicare-beneficiary-identifiers-mbis/
Good to know. I’m not yet of Medicare age, so my experience with Medicare numbers goes back to when I worked in health insurance, which was several years ago. At least one thing has been done intelligently by the government.
My particular, and specific notification was actually for pureb2b dot co dot uk
But it would not surprise me in the least that pure storage has my data too, even though I’ve never interacted with them directly.
It only takes one to seventeen hacks and breaches to assume it’s ALLLL out there at this point
;-]
Unfortunately with healthcare insurance company data breaches, I’m pretty sure Medicare numbers are out there too. People routinely have had their accounts billed for services they personally never received. Very dangerous too if you are flagged as having or not having a medical condition on your record.
As mentioned earlier, Social Security numbers were replaced years ago with new Medicare ID numbers but due to a recent data breach, those that were affected will be receiving new cards and a relative just received a new one this week:
Good to know. Thank you.