Egghead Customer? Your Data Goes To Fry's

An anonymous reader says: "I bought some things from onsale.com, which then became egghead.com. Somewhere in that time, their credit card database got jacked, for which they sent me a nice e-mail saying everything was ok. Now I've got a mail that I don't like at all, with the subject 'IMPORTANT MESSAGE REGARDING THE TRANSFER OF YOUR CUSTOMER INFORMATION.' Well. that's pretty much it. egghead.com info will go to Fry's Electronics, unless the customer explicitly requests that it not. How often does it happen that when a company goes under that they just sell their customer info and just not tell anyone?" Here are links to the Egghead info page and privacy and security policy.

I got this email also

[eap]

My personal info was stolen some time back and was used fraudulently to purchase some items at egghead.com

I tried the link to opt out, but you have to have a user id and password to do this! I don't have them because the criminal who stole my CC created them.

As a result, there is no way for me to get them to remove my personal info, which wasn't supposed to be in their database in the first place!

Egghead.com was also cracked about a year or so ago. They have a very poor track record of safeguarding their customers' information.

Things like this make me want stricter privacy controls for personal information.

Canadian policy regarding info transfer

[Angry+White+Guy]

The Canadians have introduced bills to prevent this from happening. The company must ask your explicit permission or else both companies will be held accountable. This also leaves the door open for the good old fashioned class action lawsuit
I'm just not sure if this was passed already or not. I guess I should find out, being Canadian and all.

Angry White Guy

--Consience is a hinderance only afforded by the common man

the changes that will take place in info

[perdida]

Whether the data goes to Fry's or elsewhere, most data generated by virtual processes, and all other electronic transactions, will be used in ensuring security. This is especially likely due to Tuesday's tragedy.

Information's nature will change soon.

On NPR today, someone was explaining the use of electronic information as a possible alternative to ethnic, cultural, or social profiling of airplane passengers and other people who frequent public places.

The security officials would use credit-card data, bill and purchase data, phone records, and bank data in order to verify that you have an established address, haven't moved around too much or done anything that provokes suspicion.

In effect, we will all have different "clearance levels" in regular civilian society, which will decide for us whether we are stopped, interviewed, strip searched; what our freedom of movement and consumer activity will be; and what kinds of security-vital private sector training, such as computer or pilot skills, that we can enjoy.

Re:Customer Information is an Asset

I'm very happy this is illegal in Germany, where I live. (We have some quite heavy personal data protection laws). And is it SO bad for companies being sold to send a letter to all their customers "we are selling to another company"?

My travel agency was recently bought by another one, meaning they had to throw away their customer database (although practically nothing much but the name of the company has changed - same employees, same computers...) but gave slight fare reductions for old customers who would come back.

OPT-IN is the way to go!

case study

[flufffy]

here's a concrete example altho i do not know if it was discussed here.

in the fall of 2000, toysmart, an online toy retailer partly owned by the walt disney corporation, filed for chapter 11 bankruptcy, and announced that it was including its customer data base as one of the assets to be liquidated. disney had injected $45 million into toysmart but finally pulled the plug in may 2000, and shortly after toysmart filed for bankruptcy.

it then emerged that toysmart considered its database of customer information to be a liquidisable asset, that it would sell, in effect, to the highest 'trustworthy' bidder.

the federal trade commission disagreed with toysmart, and for a while considered blocking the sale, before finally allowing it to proceed under restricted conditions. notably, these conditions did not include any obligation on the part of toysmart's creditors to either inform or obtain permission from toysmart's customers. in the end, the data did not provoke a bidding frenzy: the highest offer had come from disney itself ($50,000), with the next highest offer being $15,000 from a market research firm in maine.

for more info search google, cnet, etc., with relevant terms.