It was only a matter of time. USA Today reports on the latest security breach involving “loyalty cards”, this time at CVS.
The data security flaw in the ExtraCare card service was exposed Monday by the grassroots group Consumers Against Supermarket Privacy Invasion and Numbering, or CASPIAN.
It said anyone could learn what a customer had purchased with an ExtraCare card by logging on to a company Web site with the card number, the customer’s zip code and first three letters of the customer’s last name.
Once logged on, a list of recent purchases could be sent to an e-mail account.
“Loyalty Cards” are the biggest con game in retail marketing. And if you egg ’em on by actually giving your real name and address to these people, you get what you deserve. One day, your insurance company will get a hold of that information, and if you keep buying your condoms, beer, cigarettes, K-Y Jelly and home pregnancy tests at CVS, they’ll know–and they’ll jack up your insurance rates.
seamus says
Couldn’t agree more. There’s almost no incentive to provide a real name and address, and anyone who does is a fool.