As most folks now know hackers broke into Target systems last December and stole financial and other data from 110 million customers. Target has been responding to this breach reasonably well. They’ve been notifying customers that were affected and they’re providing credit monitoring for affected individuals. They seem to be totally on top of protecting their customer’s data and privacy.
Mostly.
They seem to be purchasing or otherwise acquiring email addresses from at least one major retailer in order to send out notifications about the breach to customers that never gave them email addresses. Yes, even those of us who chose not to give Target email addresses are receiving email from them.
I understand Target’s drive to contact affected users. I even appreciate that. What I don’t appreciate is that Target appears to be compromising my security in order to notify me my security was compromised. The data of mine that was compromised at Target would be credit card and possibly address information. My email address was not part of the compromise. So what does Target do? They go and acquire my email address from a third party.
Their solution to the compromise is collecting more data that is vulnerable to compromise from unrelated third parties? I’m not sure this is the most consumer friendly thing Target could do. In my case, Target sent mail to an address I’ve only given to Amazon. That means I now need to worry about my Amazon account security, on top of everything else.
Ironically, the email sent by Target tells me that I can click a link and get free credit monitoring. Then the email goes on to tell me the following:
- Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
- Delete texts immediately from numbers or names you don’t recognize.
- Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.
Don’t click links within emails I don’t recognize? You mean like the one you just sent me? With a link to a credit monitoring website?
I appreciate the notice. I don’t appreciate is that Target went out of their way to collect more information about me than I actually gave them. I am now worried about Amazon’s security as well. How did Target get an address only provided to Amazon? I don’t appreciate that my efforts to keep my information secure (not providing email address to Target) was undermined by Target themselves.
The full text of the email, with the relevant headers (munged slightly for privacy) is under the cut, if anyone is interested.
Read More