Defective Comcast security exposes 26.5m customers' partial Social Security Numbers and addresses

Originally published at: https://boingboing.net/2018/08/09/most-hated-cable-operator.html

So is this an actual breach or a hypothetical breach?

Partial data was “exposed” not explicitly gathered.

Regardless, this is why I make manual payments for my internet every month. These clowns aren’t trustworthy with saved financial data.

1 Like

Slightly off topic GDPR rant.

Under GDPR, IP addresses are considered PII (Personally Identifiable Information) and subject to similar protections as names, email addresses, phone numbers, etc. While I’m not sure I agree that IP addresses actually are PII (consider how many people at your local Starbucks are accessing web sites using the same internet-routable IP, or obtaining access with or without permission to your neighbor’s wi-fi network), the EU has decided that they are, and that they must be adequately protected. From a compliance perspective this is a major headache. On one hand we are obligated to support GDPR’s “right to be forgotten” (implying we would somehow go back in all our logs and backups to delete any references to a client’s IP address if requested), while on the other hand we are obligated, usually under contract, to preserve these logs that contain these IP addresses for a specified duration, so that when something bad happens we can figure out exactly what happened. You cannot have it both ways. So while I totally support the spirit and intent of GDPR as a whole, the specifics of its implementation leave a lot to be desired when applied to real-world situations, and I fear that the difficulties organizations face in attempting to be GDPR compliant basically mean nobody is actually capable of being fully GDPR compliant and as a result the standard becomes meaningless.

Why does Comcast have any portion of a social security number at all?

SSN isn’t for identification. Using it as such for something like a credit check is a misuse of data they have no business handling at all.

2 Likes

They have it for credit history checks. When you initially sign up for service they run a credit history check to see if you’ll need to put a deposit down before your service starts.

They keep it on after the fact because “fuck you”.

1 Like

It’s a misuse of the SSN system to use people’s SSN numbers as identification. It says so right on the card.

It frankly ought to be illegal to even ask for that if you’re not a government service.

2 Likes
