Information leakage: what is it? It’s the unauthorized flow of information from a source to a recipient. Although unauthorized, it is not necessarily malicious, but it can still be detrimental.
Let me give you a couple of examples.
Our credit union is, in most cases, very accommodating. However, when it comes to paying bills online either through Bill Pay or the creditor’s site, I argued with them about printing my social security number on my account statement when I paid my Sally Mae loan.When I paid my credit card online, they printed my entire credit card number on my account statement. I called and talked to a credit union customer service rep and could not convince her how bad using these numbers was. I wrote a letter to the credit union, the credit card company, and Sallie Mae, and Sallie Mae changed my account number (which they should have done in the first place). However, I could not convince the credit union to only print the last four digits of the card number.
Think about how many people could possibly see those numbers: database analysts, print and fold operators, customer service reps, postal clerks if the envelope rips … and if the credit union gets hacked, well, who knows?
I finally wrote letters to each member of the credit union board of directors, and voilà! The number displayed on my account statement is now only the last four digits.
Be persistent when this type of thing happens! It’s your information, and nobody else will care as much as you when your identity gets stolen. And other people’s information will be safer also.
Next up: our insurance company, who thinks it’s safe to use my social security number as our account number, as long as they add a three-digit number to it. Now my number is available to doctors, nurses, receptionists, technicians, customer service reps … the list goes on and on. Nobody will guess. Yup. The thinly-disguised-number-is-secure trick.