With all the stories in the news over the last few years of misplaced laptops and lost data tapes containing personal information, including financial details, such as credit card and social security numbers, it figures that is has now come time for me to finally be the victim. Register.com sent me an e-mail this evening saying that "while less than 2%" of the company's customers were believed to have their account and credit card data on a stolen laptop, that I was one of the lucky ones to be impacted.
As the company's customer service director writes, "you are receiving this letter because we believe that your customer data and credit card information was on this laptop."
Register.com, the domain name service by which I registered louisgray.com and host the site, says that the company has no evidence my data has been misused, that there is a low likelihood of my information being compromised, and that "appropriate third parties and law enforcement agencies have been notified." Yet, despite all of these things, the company still recommends I notify my credit card company, and enroll in an identity theft protection service from Equifax. Helpfully, Register.com is offering me the first 12 months free, though I have no doubts I'd be asked to pay up come a year from now.
Beyond the obvious annoyances this poses, the timing of the e-mail is extremely suspicious. The e-mail was sent after 4 p.m. on a Friday just before an extended holiday weekend. If there were ever a time to try and hide a major security incident from the press, now would be a great time to do so. And despite the potential for identity theft, mysterious charges and significant hassle, the company wraps up the e-mail by saying, "thank you for your continued business partnership with Register.com."
They can only hope so. We'll be watching this situation very closely. Have you ever been the target of identity theft or been alerted your data was at risk?