Craig, I agree with you. Lee Valley is a great company. Their intentions are good.
I only used Lee Valley as an example as I had just returned from their store. The point being more and more companies are asking for data. They don't need that data to sell me an item do they? Or do they? Why ask for it?
I have been personally surprised at some of the information I have been asked for.
Now a company does not have to sell or rent your information to be used in an inappropriate way. Taking away the obvious stolen databases or accidentally released databases, this information can still be used by creative people in creative ways.
A good example is CIBC VISA.
They recently started sending me an email to tell me that I have made a payment to my account. I'm not happy about it. First off there is no need for this email. I know I paid it. I don't think anyone else would want to pay it. Called them to explain the issues with such an email.
They didn't get it. Had to get creative to prove a point to them.
So here is their email.....
You've recently received a $XX.64 payment to your CIBC Classic Visa Card ending in XXXX.
Note: some payments may take up to 3 hours to be displayed on CIBC Online or Mobile Banking.
CIBC is committed to protecting your privacy and personal information. We will not include your personal details in messages outside of Online or Mobile Banking because email is not a secure method of communication.
Do not respond to this email.
From this simple email I have the name of the owner of the card and 12 of the 16 digits of the card already figured out. The first eight are easy. The last eight are hard. They gave me 4 of the last 8. Only 9999 numbers to choose from. But wait it gets better......I can narrow this down very quickly to just over 100 possible valid choices. (I won't explain here how, but it's simple).
So I called them back to show them how far I was able to get with this email to prove my point and....tada.....the final answer presents itself to me. When you call the Visa number it asks you to type in your Visa card number.
OK, now I am using their database to verify the 100 possible choices to complete my card number. Type in my first number. That is not a valid card number. Please re enter your card number.
It did not take long to get my full card number.
Here I am using their own database to complete my mission. Their email says they are committed to protecting your privacy and personal information.
Their intentions are good but dangerous. I'm still working on it but I'm sure I can get the expiry date and the secret code. Actually the expiry date will be pretty easy. Most cards will expire within 5 years....some three. Only 60 possible dates at the max to work with here.
In their email they also state "email is not a secure". This is correct. Anyone can read your email.
Sorry for rambling, point is most companies are operating with the best intentions without realizing that there are so many holes. I'm a small guy in all of this and I can pull off magic.....what are the big players able to do?
Databases are sold, traded and bought all over the web. Some legally. Some not so legal. More and more of these contain photos, audio, and video.
I added the letter N to my last name at Lee Valley. It will be interesting to see if it makes its way back to me.
Have a great night.