Security snafu at Boston Globe exposes subscriber data

Computerworld - An apparent attempt to recycle discarded internal reports has ended up in the compromise of credit card and bank number information belonging to more than 240,000 subscribers of The Boston Globe and the Worcester Telegram & Gazette.
The snafu occurred when the account information of Globe and T&G subscribers who pay for their home delivery subscriptions by credit card was disclosed on the back of more than 9,000 individual routing slips used to label bundles of the Worcester Sunday Telegram, the Globe said in a statement today. The bank routing information of some T&G subscribers who do not pay by credit card may have also been inadvertently disclosed, the paper said.
Both newspapers are owned by The New York Times Co. and share a computer system.
According to the Globe, discarded reports were recycled as paper used to print the routing slips. The newspaper was alerted to the compromise by an employee at a store that sells copies of the newspaper, said Alfred Larkin, senior vice president of general administration and external affairs at The Boston Globe. "As soon as senior management became aware of the situation, we dispatched a significant portion of our delivery force and attempted to recover as many of the routing slips as possible," he said.
So far, about 1,000 of the routing slips have been recovered, Larkin said. "Most of the others we believe have been discarded," he said.
According to the Globe's account of the incident, data was printed out twice in recent weeks by business office workers at the T&G and then thrown away to be recycled. In one case, an employee started to print a report, stopped the printing before it was done and discarded the paper. In the second, a different employee began printing out a report, realized it was the wrong one, aborted that job and threw the report out.
A majority of the affected individuals are subscribers to The Boston Globe, Larkin said. The company has already contacted the four major credit card companies and also some of the banks involved in the compromise. Later today, it will send letters to the affected individuals informing them of the compromise and any follow-up action they need to take to mitigate exposure to fraud.
"We hope to be able to offer some way of assuring their safety going forward," Larkin said, adding that no decision has been made on what exactly that might be.
Larkin said he does not know how long recycled internal reports have been used to print routing