Imagine receiving numerous emails from a company but the content of these emails clearly show that you are not the intended recipient. As you look closer you realize that the content is personal information belonging to the company’s customers. Somehow the company inadvertently sent the emails to you because your email address contains all or part of their company name. You casually contact the company and bring this breach to their attention. They thank you and tell you that they have addressed the issue and it won’t happen again. But it keeps happening over and over and over.
One representative from the company even tells you that you will need to go into all of their stores and speak to the managers in those stores and have them remove your email address from their system. This sounds like more than a matter of inconvenience, it sounds absolutely absurd–not just because this representative had the audacity to make this request but the fact that they would expect you to contact thousands of store locations, when the quick and easy solution is to call on management to resolve the issue. Who would even form their mouth to utter the words “you will need to go to each of our stores to make this request so each store can manually remove your email address from its computer”? Clearly someone would because it was done.
You reach out for help to outside sources and they are told by this company that the matter is resolved. But clearly it isn’t. So months and months of breached emails hit your inbox and this large corporation does not seem phased because the information in these emails do not include customers social security numbers or driver’s license numbers, so most likely in their mind this isn’t a serious breach. Well let’s look at something. If documents within the emails include the customers names, addresses, phone numbers, and billing information doesn’t that then make their customers vulnerable and exposed? Is it not a possibility that someone could take this information and commit multiple crimes to include identity theft, harassment, stalking, robbery, or worse?
There are a number of management concerns to consider with this situation. Especially since the company happens to be Sprint, yes the telecommunications giant. This story was reported by Gizmodo who contacted Sprint on behalf of the email recipient, Amy Komo, who reached out to Gizmodo when her efforts were going unresolved. Then Gizmodo reached out to one of the Sprint customers whose information was inadvertently sent to Ms. Komo. The customer had no clue that their information had been leaked, Sprint never contacted them, and the customer never received the emailed documents from Sprint.
Since their outreach, Ms. Komo has been gaining further assistance from digital rights organization Electronic Frontier Foundation, to stop the data leak.
What will motivate Sprint and other companies to take every leak of customers personal information seriously?