Let’s say you did the smart thing and bought yourself a shredder so no identity thief could dig your personal information out of the trash. Wouldn’t it be funny if the store then tossed your transaction record in the dumpster out back — without shredding it?
That’s exactly what happened to one woman who bought a shredder at a Texas RadioShack — and I don’t think she’s laughing.
She’s also not alone. Yesterday Texas Attorney General Greg Abbott charged RadioShack with tossing thousands of customer records — hers included — into a trash can in an alley behind a RadioShack store near Corpus Christi. We’re talking names, addresses, telephone numbers, Social Security numbers, and credit and debit card information — an identity thief’s dream.
The Texas AG is now investigating whether the dumped records have been used to defraud RadioShack customers. In the meantime, he’s charged the company with violating Texas identity protection laws by exposing thousands of customers to identity theft.
RadioShack hasn’t returned my calls. (I’m trying not to feel too bad about that — they wouldn’t talk to the Washington Post, either.) But in an official response, a RadioShack VP did acknowledge the breach: "Our Northshore Plaza store in Portland, Texas, is part of a shredding program we have in place throughout the state for the secure disposal and destruction of such documents as required by Texas law. In this isolated instance, the store did not act in accordance with this program."
The mea culpa from RadioShack — and, for that matter, the charges brought by the Texas AG — will be cold comfort for any RadioShack customer who has his or her identity stolen thanks to some clueless employee’s poor judgment. Frankly, it also fails to inspire confidence. Will I ever use a credit card at RadioShack again? Not likely.
Then again, thousands of other businesses are just as careless, and I’m sure I do business with some of them. Even in places with strong laws to protect your identity and account information, major data breaches happen on an almost daily basis at businesses, schools, hospitals, and government agencies. It’s enough to make you stick to cash — or just stay home.
Unfortunately, most people don’t consider that a practical option. So how can you protect yourself when making a purchase or applying for credit from a retailer? Here are a few suggestions:
- Insist that the people you do business with take your security as seriously as you do. Ask how they handle, protect, and dispose of sensitive data. If they don’t know, they probably aren’t doing it right.
- Pick one credit card for routine retail purchases and stick to it. That makes closing accounts simple in case of a compromise, while reducing your exposure.
- Trust your intuition. If you feel funny about a clerk or a business, think twice before handing over your data.
- Know the laws that protect customer data where you live. If a business doesn’t follow the law, call them on it, and don’t stop until they comply.
- Don’t be afraid to tell business people about the risks of identity theft. The fact that you’re reading this blog means you know and care more about this than most people do. Share that knowledge — it will mean more coming from a customer, and you’ll be doing a good turn to every customer who comes after you.
- If you think you’ve been put at risk, monitor your bank, credit card, and similar statements carefully for evidence of theft, and consider obtaining copies of your credit reports.
- Got suggestions of your own? Share them by clicking on "Comments" below.
By the way, if you don’t have a shredder, you really should buy one. Just don’t forget your receipt.