David Lazarus, in a Los Angeles Times column, discusses the story of Victoria Afonina, a Chase Bank customer, and how the security of her financial data, and her privacy, was breached.
West Hills resident Victoria Afonina works as a computer programmer for a major supermarket chain, so she knows probably better than most people how vulnerable her personal information is once it gets out into the open.
She routinely tells banks and other financial-service providers that they can’t share her information with other companies.
So it came as something of a shock when a letter arrived from Chase bank the other day informing Afonina that her name, address and account numbers were among confidential customer data that had been shared with another business.
Worse, according to Chase’s letter, a file containing the info had been inadvertently posted online for all to see.
And as if that wasn’t troubling enough, the information “was accessed by a non-Chase employee,” which narrows the list of possible suspects to, oh, about 6.6 billion people. […]
But the accidental posting of confidential customer data on another business’ website is highly unusual, illustrating the ease with which your personal info can get out there — even when you specify that you want your records to stay under wraps.
A Chase spokesman, Tom Kelly, declined to provide details of the breach, including the name or location of the other company involved, or how long customers’ data were posted online. He said only that Chase works with the other company to handle some of its mailing.
Chase Bank waited three months to inform customers of the security breach, and is offering affected customers “a year of free credit monitoring (using Chase’s own monitoring service).” But, the bank won’t pay for what Afonina has requested: to place a freeze on her credit files so that no one can access them without her express permission. What’s the cost? “A $10 fee (per credit agency) to place the freeze, plus another 10 bucks every time you authorize access to your files.”
Kelly said that “given the circumstances of this incident, we don’t think it’s necessary.”