Here we go again. Yet another institution who “takes the protection of [my] personal information very seriously” wrote to me to let me know that they lost some unencrypted backup tapes with my SSN and everything. In a way I’d prefer if they said that they don’t take the protection of my personal information seriously. Because now I have to assume that they are incompetent even at the tasks they take seriously, which presumably also includes performing financial transactions (it’s a bank). That they plead dumbness rather than carelessness kind of scares me.
Well, not really. This letter is just damage control of course and whatever reassuring verbiage they put doesn’t mean anything. Everyone is just playing pretend, which is how this whole “identify theft” problem started (“we’ll pretend that the SSN is confidential information and that we can use it to authenticate people”).
A few months ago I wrote that it is now safe to steal my identity because the credit watch service provided by Fidelity following their similar screw-up (laptop stolen from a car that time) had expired. Of course the new breach comes with two years of credit monitoring, courtesy of the incompetent bank.
So here is yet another reason to not buy credit monitoring services (in addition to the fact that they don’t work and that you can get the same thing for free): it’s only a matter of months before the next breach and the free two years of credit monitoring that will ensue.