Earlier today, I pointed out how too much outrage is being directed at NSA data collection compared with almost nonexistent outrage aimed in the direction of corporate data collection and sharing.
And as if on cue, the following two stories emerged today.
First, it appears as if 40 million credit and debit card numbers were stolen from Target.
The nation’s second-largest discounter acknowledged Thursday that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend.
The theft marks the second-largest credit card breach in U.S. history, exceeded only by a scam that began in 2005 involving retailer TJX Cos. and affected at least 45.7 million card users. […]
Customers who made purchases by swiping their cards at its U.S. stores between Nov. 27 and Dec. 15 may have had their accounts exposed. The stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on back of the card, Target said.
Whoops! I’m almost positive those numbers have been posted to an underground server, probably in Russia. By the way, I’ve spent a considerable sum of money at Target recently using my debit cards. As you can imagine, I’m more than a little concerned by this. The question is: why weren’t those numbers — and especially the three-digit security codes — redacted or encrypted?
Next up, there’s this:
Consumer data companies are selling lists of rape victims, seniors with dementia and even those suffering from HIV and AIDS to marketers, underscoring the need for tighter government regulations, a privacy group told Congress Wednesday.
The World Privacy Forum uncovered these lists, along with several others, while investigating how data brokers collect and sell consumer information. Marketers buy this data so they can target shoppers based on everything from their income to clothing size.
Other lists the nonprofit found included the home addresses of police officers, a mailing list for domestic violence shelters (which are typically kept secret by law) and a list of people with addictive behaviors towards drug and alcohol.
As of right now, private corporations have access to massive data clouds about your spending habits, as well as your most intimate personal details. Based on all the reporting on NSA, there’s nowhere near the same breadth and depth of information being gathered and shared by the government. And, as I noted earlier, no warrants are needed, no court oversight is applied and no permission is requested or granted for these companies to distribute your information however they please. Even if you opt out, almost all banks, for example, can still share your information.
All this hoopla about NSA privacy violations is touching, but totally misplaced and disproportionate to what’s happening inside corporations.