http://www.eweek.com/article2/0,1895,1907596,00.asp By Paul F. Roberts January 3, 2006 Some H&R Block customers who received free copies of the company's TaxCut software also had their Social Security numbers exposed, according to a company spokesperson. H&R Block sent a letter to customers in late December saying that a tracking number used on packages containing TaxCut contained the customer's Social Security number as part of a unique, 47-digit tracking number. H&R Block blamed user error for the slip and said the number would be impossible to spot, and that no customer data has been lost or stolen as a result of the mistake, according to Denise Sposato, a spokesperson for H&R Block. H&R Block learned of the slip-up in late December, after a customer informed the company that a unique ID that appeared on the package, above the mailing label, contained his or her Social Security number. The number is used by H&R Block's marketing department, Sposato said. After learning of the mishap, H&R Block moved quickly to identify the source of the error and customers who were affected by it, Sposato said. The Kansas City, Mo., company said it believes that less than 3 percent of those who were mailed a copy of TaxCut had their Social Security numbers used. Sposato declined to say how big the mailing was or to provide an estimate of how many of the company's current and former customers were affected. Sposato said the incident was an accident and "completely contrary to established procedure" at company, which makes its money helping individuals prepare and file tax returns. Social Security numbers are not used to track other mailings, nor are they used to derive the unique tracking numbers used on mailings, she said. H&R Block informed customers of the mistake in a letter, and set up a Web page on the company's site with information for those whose Social Security numbers were disclosed. H&R block feels the risk of identity theft is minimal, Sposato said. This is the first year that H&R Block mailed the TaxCut software to current and former customers. Some of those receiving the tax preparation software have not used H&R Block for a year or more, Sposato said. H&R Block has notified its compliance officer about the problem, but declined to say whether authorities or federal regulators were informed of the information leak. The news from H&R Block is just the latest in a long string of disclosures of corporate data leaks. Just last week, Marriott Vacation Club International, a division of Marriott International Inc., said computer backup tapes with information on more than 200,000 customers disappeared from the company's Orlando, Fla., offices. The tapes may contain credit card numbers, Social Security numbers and addresses of customers of the timeshare property business. Data privacy will be a top issue for federal lawmakers in 2006. The U.S. Congress will consider a federal data breach notification law next year, in addition to new regulations aimed at spyware programs. _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Wed Jan 04 2006 - 03:44:14 PST