An extremely apologetic Bank of America representative called me the other day with the news that I had fallen victim to one of the hazards and vicissitudes of post-modern American life: the theft of one's Social Security number from the files of a major international corporation.
BofA reported that my number, along with my name, address, telephone number and online banking ID, were all stored in a bank laptop stolen from a car in the Bay Area five weeks ago. What scared me most about this event wasn't that it happened at all, but that I almost shrugged it off -- as though I would have been more surprised to learn that my data were still uncompromised after years of being carelessly shot around the world by banks, credit card companies, and database marketers.
Another shock came when I scoured the news clips to learn what BofA had said publicly about the May 20 theft. It turned out that the bank had never disclosed the incident to the general public. It merely notified the 18,000 California customers whose privacy may have been threatened, as required by state law, and only after a month had elapsed.
Strangely, I'd been certain that I had already read about BofA's laptop theft. But no -- I had confused several earlier incidents. UC Berkeley was the most recent institution to lose a laptop with the private data of thousands of individuals, following similar snafus at General Motors Acceptance Corp. and MCI Inc.
The BofA breach I'd read about involved employees who allegedly sold account numbers belonging to about 60,000 customers to collection agencies. (In a separate incident, the company lost backup tapes containing private information about 1.2 million federal workers.)
These examples of unconscionably slack security had become jumbled together in my mind, seasoned with such other episodes as the sale of personal data to a Nigerian fraud ring by ChoicePoint Inc., a database company, and the hacking of up to 40 million credit-card numbers assigned to customers of Visa USA, MasterCard International, American Express and Discover.
Consumers, obviously, have become powerless to protect themselves from the exposure of their personal data; no amount of individual vigilance can forestall the disclosure of one's Social Security number when it's entrusted to bank employees who can't remember to keep their laptops properly secured.
