Over 4.2 million credit and debit card numbers might have been vulnerable over a three month period, the story would go on to say, but I had long since stopped paying attention. I didn’t really care that my debit card number had escaped into the great unknowable black market of stolen credit card information—I figured the 34-some-odd dollars in my account wouldn’t be a great loss—but I felt that my trust had been betrayed, as many customers surely did too. Sure enough, by week’s end, class-action lawsuits were already in the works.
I can only imagine the company’s relief when, after three days grabbing front-page headlines in the local daily paper, the Hannaford data breach was no longer the big story. Better yet, it wasn’t even the big security breach story of the week. That honor belonged to the state department.
The revelation late last Thursday that Senator Barack Obama’s passport file had been breached by state department contractors brought up memories of the 1992 incident in which a state department staffer snooped into then-candidate Bill Clinton’s passport file. But when, the day after the Obama incident, it became evident that the files of both Senator Hillary Clinton and Senator John McCain had also been breached, McCain’s record being accessed by one of the same contractors who had looked at Obama’s, the incidents pointed not to political wrangling, but to overzealous curiosity.
Eventually, the 1992 incident was chalked up to poor judgment, not the “hit job” Clinton had alleged. Call me an eternal optimist, but I expect the same result this time around. As I see it, the contractors were testing out their newfound access to the state department system. Like children with new toys, the contractors immediately tried pushing their access to its limits, seeing how far it would go before breaking. I can almost picture a contractor treating the state department database like Google or Facebook, looking up his own file, or that of an old high school crush, an ex-boyfriend, a family member or, apparently, a major-party presidential candidate. The first few of these aren’t nearly as headline-grabbing as the last, and Secretary Rice is unlikely to be making personal phone calls to most of the potential victims involved.
Nevertheless, I find myself in unexpected agreement with Senator McCain on this one. “If anyone’s privacy was breached, then they deserve an apology and a full investigation, and I believe that will take place,” he said after news of the breach of Obama’s file broke. Though there may have been no malicious intent behind the snooping, the information involved is so sensitive that no indiscretion can be tolerated here. Despite the fact that the contractors were just being foolish, in the end, if justice is served, curiosity will cost them their jobs, and rightly so.
In the case of Hannaford’s data breach, over 1,800 complaints have already been filed of fraudulent charges. The company will likely pay damages in judgments and in fines to state and/or federal agencies. Those who breached the system may never be caught, though if they are, they will most likely face charges in the case.
My bank has graciously already issued me a new debit card with a new number, and the incident at Hannaford isn’t going to be enough to keep me from using the card as soon as I receive it. I’m almost certain that some day, my number will once again be exposed, but I see that as the price of progress and the convenience of being able to shop without carrying cash, a separate risk in and of itself. It is incumbent on those who make the service available to ensure its safety, not on those who use it. I shouldn’t have to check my online account daily to be sure that my hard-earned dollars are in safe hands, just as I shouldn’t have to check up on the state department to be sure that unscrupulous contractors aren’t checking up on my travel history, or lack thereof (remember, I burn).