Would you find it odd if a company that allowed your personal information to be stolen would then want you to freely give your Social Security, address, date of birth and other personal details over the internet?
Have you stayed at a Radisson Hotel in the past year? If so you may be at risk of ID Theft. Radisson and posted an open letter to their customers on the internet informing its customers of a security breach.
The information is somewhat vague, they don’t really tell exactly what happened or to what hotels. Citing “ongoing” investigation they do not reveal how many customers were affected or exactly what information other than credit card numbers and names were taken.
It appears that the data breach may not have affected every record or every hotel. As a result, while they are warning all previous customers, some customers that stayed in a Radisson between November 1998 and May 2009 are being offered more than information about the breach; they are also being offered credit monitoring services through Equifax Credit Watch.
Unfortunately, we were one of the lucky recipients of these letters. Fortunately, because of a previous identity theft experience, we are already well protected with LifeLock (provided free due to a security breach of our insurance company) and with IdExperts, because after some research we felt this was a more robust insurance and protection plan.
Part of the service provided by IdExperts, which we could institute ourselves, is a lock on our credit. As a result I am not particularly concerned about further breaches. In fact I have little doubt that consumers will continue to experience an increasing number of this situations.
Interestingly however is that the instructions provided by Radisson instruct their customers to go to a web site and enter a dossier of information including Social Security, address, phone numbers and date of birth. It is hard to believe that Equifax could implement credit monitoring without this information but is seems oddly ironic. How could a person feel comfortable providing this data? Is pulling up a website any different than calling a stranger via an unknown phone number and divulging this data?
I’ve only been a victim twice but the M.O. in both cases for the company that failed to protect the data is the same. They provide 12 months of protection, that’s all.
Again, I don’t feel too threatened today. But this additional experience has raised some new questions in my mind. In the old cops and robber movies, the bad guys were smart enough to lay low till the heat faded. Is it not possible for an ID thief to sit on the data for a couple of years and then start stealing ID?
Furthermore, while some state laws provide the opportunity to place a freeze on your credit, anytime you want to lift temporarily or remove the freeze you have to go through extra effort and in most cases pay a fee of $5-$10 to process your request. Should the company liable for the theft be required to cover these costs and inconveniences as well?