Verizon Wireless emails customer data to other customers

It was reported Friday that a Verizon Wireless employee emailed a spreadsheet of customer personally identifiable information to about 1,800 Verizon customers. The spreadsheet contained the name, email address, cell phone number and cell phone model of 5,210 Verizon Wireless customers.

News.com reports:

The spreadsheet was inadvertently sent to about 1,800 people, all Verizon Wireless subscribers, according to a follow-up e-mail apologizing for the gaffe that the mobile carrier sent on Thursday. The Excel file was attached to an ad for a Bluetooth wireless headset, instead of the electronic order form that was supposed to be sent.

“Verizon Wireless takes the security, confidentiality and integrity of your personal information very seriously, and we deeply regret this error,” the company said in the Thursday e-mail. It said that it has already implemented additional quality control procedures and process improvements to prevent a re-occurrence.

The information in the document is limited and does not immediately expose those listed to fraud, the company said in its apology. Yet it recommends that people affected review their bills more carefully and add a password to their account by calling 1-866-861-5096.

Verizon Wireless tries to put a spin on the story by saying customers were not “immediately exposed to fraud.”

While the privacy breach in no way makes identity theft automatic, it helps put a clever fraudster in the starting blocks, said James Van Dyke, the principal analyst at Javelin Strategy & Research in Pleasanton, Calif., which tracks identity fraud.

“To commit ID fraud, you must do several things well. This just makes the job slightly easier,” he said. For example, with this list in hand, a fraudster could call the listed numbers, pretend to be a Verizon Wireless representative and ask the subscriber for information to update the account.

Complete News.com article: “Verizon gaffe lets customer details slip”

This just illustrates the point that while a company tries to do the right thing and put safe guards in place to protect sensitive information, it just takes one careless mistake to open the company to criticism and compromise the privacy of it’s customers. Many questions need to be asked:

• Why was that information being passed around internally on a spreadsheet? (Seems like all they needed was a list of email addresses only.)
• Did that employee have a legitimate right to have that information for business purposes?
• Is there a procedure in place to have a second employee review communications to customers before they are sent?
• How will this employee be punished for this careless action? Yes, punished!

Unfortunately, I guarantee we’ll see more stories like this in the future.
-Roland

Related Links:

• More articles about careless organizations that allow data to be stolen…

Roland Reinhart is an interactive marketing professional who is concerned about how companies big and small handle personally identifiable information. His observations can be found at Chaos365.com and AdMadMan.com.

©2006 Roland Reinhart. All Rights Reserved.