The aftermath of Target’s hacking

Anyone else out there rethinking their provision of personal information in the wake of the Target hacking?

Because I am not only rethinking it, I am actively removing my information from a number of sites.

I am one of the 70-110 million people whose personal data held by Target was stolen in December — although Target didn’t see fit to email me to confirm that fact until last week.  I might, just might, have been less upset about the situation, had I not just gone through this mess with Adobe, and can now anticipate the same thing with Neiman Marcus.

My Adobe account was hacked in August; fortunately, the card also expired in August, and I had already replaced it.

But in the case of Target, they not only got my credit card numbers, they got my debit card and pin, my name, address, email, phone number and possibly my driver’s license number as well.  Pennsylvania law requires you to present your driver’s license for scanning when you buy cold medicine; no one has yet satisfactorily explained to me whether that information is stored, and was included in the hacking.  The annoyance with the debit card is that, not only do I have to change the card, I have to change the number on every membership that charges that card. I just did it in August; now I have to do it again.

And then, on top of it all, I made some purchases at Neiman’s, and they’ve announced that they were hacked as well.

It’s enough to drive me back to cash-only purchasing.  Especially since the news sources are reporting that several other major retailers were also hacked — and haven’t yet announced it.

It started me thinking about all the places that have my personal information.  The stores that send me a receipt by email.  The shops, hotels and airlines that enrolled me in rewards programs.  The places, online and in the mall, that signed me up to receive my catalogs by email.  The simple fact that Amazon, eBay and Paypal store my credit and bank account information.  Yes, their having my information is incredibly convenient.  But now, I realize that it’s also incredibly dangerous.  Not only if one of these companies should be hacked — but also in how they might be using that information and to whom they could be selling it.  Literally, we have no control once we agree to provide that data to them.

I’ve been toying with the idea of simply unsubscribing from some of these sites, and sending them the required letter to demand they delete my information from their databases.  But now, now I am actually doing it.

The impetus? The realization that they are getting so much more information than they need for their stated purposes.  That fact hit me in the face when I went to register a holiday gift.  For some bizarre reason, to register my cookware warranty on Cuisinart, they need to know my birthdate, gender and a mess of other personal data.

Actually, no they don’t.  They need to know my name, my address, what products I purchased.  I’ve filled out a lot of warranty cards in the past, and none of them asked me for such personal data.  And in light of the hacking of so many stores, there is no way in hell that I will provide that information willingly again to someone who doesn’t need it for a legitimate purpose.  And the registration of a warranty is most definitely not a legitimate purpose.

So I’ve made a list, of every website, store and travel service that I’ve ever enrolled in, subscribed to or done business with.  I’ve started clicking through the emails, hitting the unsubscribe button, then going to the website and pulling up the privacy policy to get the address to which I can send a deletion notice. Realistically, I won’t be able to pull back information from everyone.  Some sites have probably already sold my information to other companies.  I know that I’ll have to be vigilant, unsubscribing to everything I receive, sending deletion notices, watching my bank account and my card statements and my credit report.  But I can do what I can to minimize the danger that my information will be spread further than I desire.

It’s the ultimate nightmare scenario for retailers and marketers.  What happens if everyone just pulls back their data?  I’ve seen stories that claim stores, companies, entire industries could suffer economic damage.  And maybe they will.  But as someone who has already gone through the theft of her personal data once, a decade ago, and now has to deal with it again, as someone who will have to spend extra time guarding her finances and dealing with the inevitable misuse of her name by thieves, whose credit rating has been damaged once and probably will again, I find it hard to feel any sympathy for them.

You want us to give you our personal data? Learn how to be a responsible guardian of that information. And stop blocking the implementation of better technology to protect that data. Implement chip-and-pin card technology. Screen your third-party service providers better. Stand up and take responsibility for your actions.

Until then, though, I’m doing most of my shopping with cash.  And removing my information from everyone who no longer can be trusted with it.

And I’m calling Cuisinart tomorrow, to register my cookware.  Without any of this nonsense about providing my personal data.

Advertisements