Last week, the New Hampshire Union Leader newspaper reported the data breach at the Bill Dube Ford/Toyota dealership when computer data tapes were stolen. The stolen data included the:
"Personal information from thousands of people in New Hampshire and Massachusetts...The pilfered data include names, addresses, Social Security numbers and driver's license information, but no financial data such as credit card information, from customers at Bill Dube's dealerships in Dover and Wilmington, Mass."
The number of people affected by this data breach was estimated at over 10,000. It's unacceptable that, four months later, the dealership doesn't know the contents of the stolen data tapes. A computer security expert should have been hired to help determine the tape contents.
Also, the dealership was extremely slow to notify affected consumers since the theft was were discovered on August 5 and customers were notified in a letter dated December 5. That delay is totally unacceptable.
This breach is also noteworthy due to the crisis in the auto industry. As the U.S. Federal Government debates whether or not to provide bailout monies to the U.S. auto manufacturers, the result has implications for hundreds of auto dealerships.
Should one or more auto companies go out of business, the same would likely happen with hundreds of auto dealerships. Yes, hundreds of thousands of people could lose their jobs. Beyond that, the closing of auto dealerships raises the question about the data security of the sensitive personal data archived at those dealerships. Will those dealerships adequately protect that data? Will dealerships that go out of business effectively destroy sensitive data? Who is looking out for the consumers' interests?
Here's an idea. The oil companies should bail out the auto companies. Why?
First, the oil companies have huge amounts of cash. Remember the oil companies made record profits over the past few years as gas rose near $4.00 per gallon. Second, the oil and auto industries have a symbiotic relationship. One industry sells what the other industry's products consume. The oil companies have a stake in the health of the auto industry.
Third, it gets the Federal government out of the corporate bailout game, a place where government doesn't have the necessary skills and expertise. Fourth, it's an opportunity for oil companies to do something patriotic: save several major American companies and save thousands of jobs. Just think of the goodwill oil companies would collect.
I agree with your idea and you should share it with a well known radio announcer to spread it and you could email your congressman to get it brought up quickly. Both industries are money hungry and probably wouldn't help the other even though they ought to.
Posted by: automotive crm software | Wednesday, February 23, 2011 at 10:56 AM
First of all, in regards to protecting sensitive data, I'm not sure why the article is targeting auto dealerships as there are NUMEROUS businesses which store data that contain sensitive personal data such as banks, doctor's offices, insurance companies. There are so many that I can't even think of them all and many businesses do go out of business all the time.
I do think the lapse in time (around 2 month) that the dealer took to notify victims is unacceptable. Consumers need to know right away so they can put blocks on their credit reports (called a "fraud alert").
Posted by: Automotive Seo | Wednesday, February 23, 2011 at 02:36 PM
Auto SEO:
You are correct. Lots of businesses store consumers' sensitive personal data. As I see it, the Union Leader article didn't target all auto dealers, It just informed and alerted its local readership, many of whom may have been breach victims.
Since I started writing this blog, I have learned that many consumers are confused about data breaches and identity theft. Consumers are unclear if the breach notice is valid and what to do next. Some states' AG offices publish data breach letters and notices online, but most don't. So newspaper articles are a good way to alert consumers about breaches. Blogs are another source. Many consumers read this blog to learn about the issues.
One issue is to alert consumers about the types of businesses that store their personal data. Lots of people buy cars at auto dealerships. You will find in this blog many posts about breaches at other businesses: schools, hospitals, banks, retail stores, and so forth. So, there is no targeting going on.
The data breach at the auto dealership brought attention upon itself and the dealership industry. You might say "self-targeted." The best way for a business to not endure negative publicity like this is to adequately protect the sensitive personal information about consumers that it collects. It's really that simple.
George
Editor
http://ivebeenmugged.typepad.com
Posted by: George | Wednesday, February 23, 2011 at 03:01 PM
That's really troubling! Hacked data are difficult to retrieve, and something should be done as soon as possible to recover the losses. Hmm, you raise a good point there, since both of them function as one. Anyways, I hope all is well now.
Posted by: Simon Schempp | Thursday, October 06, 2011 at 10:50 AM