[Dataloss] article: Redbox Shows Businesses How To Properly Handle A Data Breach

lyger lyger at attrition.org
Tue Apr 8 21:30:51 UTC 2008


Forwarded to list in reference to:

http://attrition.org/pipermail/dataloss/2008-April/002174.html

From: "McNabb, Joanne at OISPP" <Joanne.McNabb at OISPP.ca.gov>
Date: Tue, 8 Apr 2008 12:24:44 -0700

I think Redbox's notice and use of its Web site is very good at letting
people know about the skimming incident. What's missing is information
on how long the skimmers may have been in place (if that's known) and
what people should do if they used one of the Redbox's with skimmers
installed. Our advice to Californians in such a situation is that the
safest thing to do is to call your bank and close the credit or debit
card account, explaining about the skimming and asking that the account
be reported as "closed by customer request." If unauthorized charges
were made to the account, then the consumer should take the standard
remedial steps for financial identity theft (get police report of
identity theft, write to card issuer and to credit bureaus saying the
charge results from identity theft and enclosing a copy of the police
report, etc. - see our Victim Checklist on the Identity Theft page at
www.privacy.ca.gov). It's particularly critical to notify a bank
promptly if a debit card was used illegally, as there's a tight time
frame for limiting your liability.


Joanne McNabb, CIPP/G
Chief, California Office of Privacy Protection


More information about the Dataloss mailing list