Update to Restaurant Depot/Jetro breach
The recent Restaurant Depot/Jetro breach that I reported on Dec. 7 provides a timely example of the issue of unreimbursed harm that consumers grapple with on a daily basis. As I continue to follow media coverage on that breach, it is clear that not only is there financial impact of this breach (the hacked card numbers have been misused), but there have been other types of as yet unreimbursed harm.
In today’s Boston Herald, Jerry Kronenberg reports how one customer of Restaurant Depot was affected:
Cris Maloof of Quincy’s Schoolhouse Pizza said scammers charged $14,000 on three of his credit cards, while his wife found her account shut off when she went shopping on Black Friday.
The bank ultimately straightened everything out, but someone contacted Schoolhouse Pizza’s utility and had the power shut off this week. That took Maloof an hour to reverse.
“It’s insane,” he said. “The inconvenience and the amount of hoops I’ve had to jump through — with the bank, with getting a new tax identification number, with everything — was just ridiculous.”
Not all of the 300,000 affected customers may have stories like that and Restaurant Depot has offered credit restoration services and reimbursement for expenses incurred, but it is not clear what happens to reimbursement for time spent and frustration.
I think Restaurant Depot is trying to do the right thing by its customers (although some will undoubtedly point out that obviously, they were not PCI compliant and could have avoided the entire mess). But at the end of the day, are customers really made whole by packages such as that offered in this case? And what about those entities that do not even offer credit restoration services and compensation? Is the best we can hope for harm minimization without full restoration and compensation? Is this the price we pay if we use plastic and trust others with our data? Or is there a better way – with or without regulation?
Major Tom - December 20, 2011
Credit Restoration is good for how long? How many crooks see the vulnerable person as a juicy “A+” candidate, then a B, then a C and so forth. I think once your PII data is out there its just a matter of time. I am sure there are a few crooks that will offer the data just once and get rid of it, but others may hold onto it in hopes that it can be used again in the future. The water gets really murky as to where PII info has come from. Some will accuse the company that got breached, but what aboiut those companies that do not offer such information….”Hype-pathetically” speaking, if a cover up occurs, whether by workers, managers or a combo of each, the true path to the leaking of PII is almost untracable. Crooks know this.
As far as reimbursement for time and pain, it should be charged via a documented hourly wage. If a person is standing in a line or resolving a PII or CC issue, rather than doing his job, an average, or a well documented timeline with reciepts which show time, date and costs involved could be used as a restitutional plea.
Many Financial institutions are greedy. Most want part of the consumer knee-jerk purchasing with a credit card. They get to pay the price when it becomes violated. They know the risk thats associated with Credit Card usage, but they continue to offer those services – and its a widespread pandemic. The money must still be OK, otherwise they would turn the leaky tap off completely.
Which costs more? A technology upgrade/refresh of the credit card industry – very possible if they work togther, or keep on using antiquated services that are obviously broken?
Sure people can use cash, money orders, wire transfers and the like and be more secure than others. One has to remember that the risk then transfers to the “insider” and technologies such as skimmers.
Fix all this, and then the crooks will get insiders to change out money drawers with counterfit bills and poison the economy even more. The possibilities are endless. depends on how hard you want to look to see whats going on in the world.
Treat the PII CC violators as they should be. Give them mandatory sentences, much like the convicted DUI DWI people are. Leaving room for negotiations and mis-interpretation of laws and the twisting of them, will only make this worse.
The American dream is to have houses; have the Family business running smoothly and the comfort knowing that all is safe. The “American” may still be there, but know they dark side will taint even some of the best people, with promises of making a quick dollar – until the smaller fish are caught, and the bigger ones move on to find other puppets.
There isn’t a simple solution to this issue. Its like a toxic spillage in a highly vulnerable area. They initial cleanup will take some time, but what about the after-effects many years down the road?