CONSUMER NEWS    RECALLS    COMPLAINT FORM    SCAM ALERTS  


Complain about a product or service
Small Claims Guide | Class Actions | Lemon Law | FAQ | Resources | Newsletters | Spanish
Automotive    Education    Electronics    Family    Finance    Health    Homeowners    Shopping    Travel   
NEWS   Latest |  Archives |  Auto |  Cells, etc. |  Computers |  Financial |  Health |  Homeowners |  Parents |  Privacy |  Scams |  Seniors |  Travel

Mysterious Computer Theft Hits Mystery Shopping Company


By Martin H. Bosworth
ConsumerAffairs.com

February 22, 2007

Data Theft
Bank Data Breach Affects 12.5 Million Consumers
Data Breaches Exceed 2007 Record
Thieves Steal AT&T Laptop with Employee Data
Report: Data Breach Disclosure Laws Don't Affect Identity Theft
Patient Information Exposed in Data Breach at Walter Reed
Supermarket Chain Reports Data Breach
Report: Feds Still Not Doing Enough To Secure Data
Data Thieves Hit Georgetown University Students, Faculty
800,000 Job Seekers At Risk In Gap Data Breach
TJX Data Breach Settlement Has Strings Attached
More ...

Speedmark, a marketing services firm that employs "mystery shoppers" to observe employee behavior for client companies, was hit with a data breach when thieves stole computers containing some shoppers' personal data from the company's Woodlands, Texas office.

Several computers were taken, one of which contained a database with personally identifying information on mystery shoppers working for Speedmark. The information included names, addresses, e-mail accounts, and Social Security numbers of Speedmark employees and contractors.

The theft was discovered on Dec. 16, 2006, but many shoppers contracted to Speedmark did not receive letters notifying them of the breach until mid-February, 2007.

Many shoppers for Speedmark were frustrated at the length of time the company took to disclose the breach, and by the fact that the letters were mailed as standard postage rather than email or overnight mail, according to comments posted on Volition.com, an online message board that caters to mystery shoppers and independent contractors.

"I received my letter today, over two months after this happened!" fumed shopper "NatashaM." "In my opinion, two months is entirely too long to hear about this. I agree with another poster that stated an e-mail should have been sent immediately (as in the same week of the event) and then they could follow it up with this badly xeroxed letter mailed substandard class."

One reader posted a transcript of the notification letter from Speedmark president Scott Hiller. In the letter, Hiller said that the information on the computer was password-protected, and that the company had notified local law enforcement of the theft.

"Speedmark takes the security of your personal data seriously," Hiller said. "Accordingly, we have taken steps to ensure the security of our premises and equipment to the best of our ability, including security guards during non-business hours until further notice."

Another shopper contacted Speedmark's customer service to get more information.

The company replied that breach notification had taken so long because they company had to "first restore the data from back-ups, identify those who were possibly affected, and contract with a vendor to produce and mail 35,000 letters."

"Notice was provided via mail because we did not have agreements from our shoppers to use email as an acceptable mode of notification," the company said. You must actually stipulate that email (or fax) is acceptable notice to you, or any formal notice must be delivered via US Postal Service in order to be considered a valid delivery attempt of the notice. Without the stipulation, email would not have been sufficient legal notice."

However, an attorney consulted by ConsumerAffairs.com said there was nothing stopping the company from sending emails as a courtesy and following up with a letter.

"It is the height of absurdity to say that because postal mail is the specified form of legal notification, the company's managers couldn't take five minutes to send everyone an e-mail telling them about the theft and alerting them to watch their mail," said the attorney, who asked not to be identified because she did not have first-hand knowledge of the case.

Speedmark representatives refused to comment on the case to ConsumerAffairs.com.

Don't Mess With Texas Data

Under Texas state law, disclosure of data breaches must occur "as quickly as possible," unless law enforcement requests a delay while investigating the incident or "or as necessary to determine the scope of the breach and restore the reasonable integrity of the data system."

William Ballard, the detective assigned to the case, told ConsumerAffairs.com that after two months, the case had "no leads and nowhere to go."

"We have no suspects, the fingerprints we got from the scene aren't usable, and no information," he said. Ballard was investigating the possibility that the Speedmark break-in was part of a ring of computer thefts in the Dallas and Houston areas, as he claimed he had seen a "rash" of cases in recent weeks.

"They just vanish into thin air," Ballard said.

The Mysteries Of Mystery Shopping

The Speedmark case is not only the latest example of a data breach arising from computer theft, but also an indicator of how affected customers and employees can have difficulty addressing the problem.

Mystery shoppers are often employed to work for big companies by third-party vendors such as Speedmark. As such, they are treated as independent contractors, and have to furnish personal information to the hiring vendor for tax purposes -- even if they never get any offers to work for a client.

In addition, mystery shoppers are often easy prey for scammers and con artists looking to cajole cash out of the unsuspecting, often through unneeded "fees" or phisher e-mails.

A mystery shopper who asked to remain anonymous tipped ConsumerAffairs.com regarding the breach. The person noted that the non-disclosure agreements mystery shoppers sign when working for clients would make it difficult to notify authorities and media regarding the theft.

"Are they violating [non-disclosure agreements] with others by admitting they are a mystery shopper?" they asked. "Of course, they blow cover if they appear publicly and can no longer work. You see the conundrum the shoppers are in?"



Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.


Consumer News

August 29 2008

Recent Recalls & Safety Alerts



FREE CONSUMER NEWSLETTERS

The Daily Consumer
Afternoons M-F
Sign up now!

Consumer News & Alerts
Every Sunday
Sign up now!

Knowledge is free.
Knowledge is power.



Back to the top |

Advertisement


Home | Complaint Form | News | Recalls | FAQ |
Consumer Resources | Small Claims Guide | Lemon Law | Newsletter | Contact Us
Advertise With Us | Testimonials | Newsroom | RSS Feeds |

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice.  ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof. 

Copyright © 2003-2008 ConsumerAffairs.com Inc.  All Rights Reserved.    The contents of this site may not be republished, reprinted, rewritten or recirculated without written permission.