11 comments

  • changing1999 a day ago

    This is going to continue until legislation is introduced to fine companies for each customer data point exposed. E.g., a single data point = $100. Email, name, address - that's $300 per customer.

    Some recent hack exposed my name, address, email, and phone number. Now I regularly get emails that are just all these details and an attachment.

    • Ylpertnodi 21 hours ago

      Open the attachments...we're all dying to know.

      • changing1999 13 hours ago

        Turns out it's just a run-of-the-mill bitcoin blackmail letter in a PDF file. I should read it very carefully, they will visit <my name> in <my city> if I don't act, they totally control my phone and my laptop, etc.

        Basically this scam but with more personal info included: https://consumer.ftc.gov/consumer-alerts/2020/04/scam-emails...

        • yftsui 3 hours ago

          I got those daily as well. Very funny: some of them use my old address with an even older Google Street View image from before the home was built, claiming they just "visited your house yesterday".

  • cebert a day ago

    It sounds like in this case, Comcast provided data to a 3rd party so they could try to collect on past due accounts. I’m surprised it isn’t more common to keep your data in-house and provide programmatic access to data on an as-needed basis combined with auditing and access controls.

    You can make 3rd parties sign all kinds of agreements, but even if they are held responsible, it diminishes your brand too. An entity as large as Comcast could afford to make an API instead of providing direct access to raw data.

    • AlotOfReading a day ago

      In my experience, it's not that organizations are unable to fix the collections sides of their orgs, it's that they don't care to on an organizational level. It's a lot easier to share a spreadsheet over email regardless of the consequences than to go outside your lane and advocate for spending resources to do something better. You aren't going to win any credit, debt collectors are going to complain, and the only people who might benefit are easily disregarded as leeches because the system thinks their account is delinquent.

    • Larrikin a day ago

      Is there any evidence that Comcast cares or needs to care about their reputation?

      • bastard_op a day ago

        I'm more curious at what point Comcast is responsible for handing your PII to that shitty little debt collector organization that let your information leak onto the internet because they really have no concept of IT security.

        Not like you as a delinquent customer willingly shared your information with that shitty debt collector organization that leaked it, so who's really responsible?

      • esafak a day ago

        "We don't care. We don't have to!" https://vimeo.com/355556831

  • bastard_op a day ago

    You have the dregs of society (debt collectors) winning business contracts and getting customer PII handed to them, who turn around and harass the dregs of society (delinquent ISP customers), and eventually the dregs get hacked (pick one).

    I'm sure the bottom feeders of the debt collection world don't exactly employ best practice security and data storage, color me shocked. Hope their E&O insurance is paid up at least.