There are times in our daily encounters with the public and certain customers that we have to wonder why certain companies are allowed to process personal information without the repercussions for the harm that they cause. There usually is some financial benefit realized to the company that processes that information, yet the owners of the company don’t take the necessary steps to insure that the information that they are processing and intend to process is secure.
This week was no different. We received a call from a company in Woodstock, Georgia that was broken into and subsequent robbery that took place the previous evening to the facility. It was very typical in a lot of aspects with access to the ground level and hidden from any street with no subdivision or housing behind it. When I walked the site I thought it would be your typical snatch and grab type of burglary. What made this untypical was the broken plate glass window! Over 1” thick, designed to withstand extreme force and over 100 pounds in weight. It must have taken a serious sledgehammer to break the glass and when it did, what a noise it must have made as it crashed to the floor. The burglar must have been very intent on entry for the effort taken to make entrance.
The customer stated that what was stolen was several computers and paper files that contained data that was personal in nature, associated credit card information, social security numbers, date of birth information and location of the applicants. We instructed the customer that they had to report the theft and the stolen information to the necessary authorities for the perspective data loss. We also provided the customer with a quote for the installation of a security system and prepared to install the system the following day.
Determination was made by the customer to do nothing. The justification they used, why would anyone break into this building again and after all who can afford monitoring fees in a troubled economy? Not one word was brought up about protecting the information of the individuals they would be processing in the future (at a profit I might add), as they continue to operate their company. Additionally they have multiple locations and each location does not have any form of security other than a lock. Unbelievable!
This is a great example of neglect of PCI Compliance, Red Flag Rules and Identity Theft ignorance. Personally, I think the owners of this telemarketing firm should spend a few months in jail and be financially responsible for the expenses for damages to each individual’s credit and Identity.
What can we all learn from this? They made two key mistakes that could have avoided the information and data loss. One, a security system would have notified authorities of any glass break activity and subsequent burglary. Two, secure private, sensitive information in your office in a heavy, locked, safe. If the safe is too heavy to carry, a burglar usually will not attempt to carry it. Three, don't give personal information to telemarketers over the phone, EVER!
I can only imagine the surprise to the individuals whose information was compromised in this burglary as they find their personal information sold on the black market and the nightmare it will take to fix it.
